Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Technicolor TD5130.2 - Remote Command Execution
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Comm
28RISK
open ↗Exploit-DB
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An
23RISK
open ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSe
23RISK
open ↗Exploit-DB
CBAS-Web 19.0.0 - Username Enumeration
Computrols CBAS 18.0.0 allows Username Enumeration.
23RISK
open ↗Exploit-DB
eMerge E3 1.00-06 - Arbitrary File Upload
Linear eMerge E3-Series devices allow Unrestricted File Upload.
35RISK
open ↗Exploit-DB
eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
Linear eMerge E3-Series devices allow XSS.
50RISK
open ↗Exploit-DB
Prima FlexAir Access Control 2.3.38 - Remote Code Execution
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could mo
28RISK
open ↗Exploit-DB
CBAS-Web 19.0.0 - Information Disclosure
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
23RISK
open ↗Exploit-DB
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
23RISK
open ↗Exploit-DB
eMerge50P 5000P 4.6.07 - Remote Code Execution
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
35RISK
open ↗Exploit-DB
eMerge E3 1.00-06 - Cross-Site Request Forgery
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
28RISK
open ↗Exploit-DB
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
23RISK
open ↗Exploit-DB
FlexAir Access Control 2.3.35 - Authentication Bypass
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash valu
28RISK
open ↗Exploit-DB
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RISK
open ↗Exploit-DB
Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being ret
23RISK
open ↗Exploit-DB
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
Linear eMerge E3-Series devices allow File Inclusion.
60RISK
open ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied
23RISK
open ↗Exploit-DB
eMerge E3 1.00-06 - Privilege Escalation
Linear eMerge E3-Series devices allow File Inclusion.
60RISK
open ↗Exploit-DB
Prima Access Control 2.3.35 - Arbitrary File Upload
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when
28RISK
open ↗Exploit-DB
Optergy 2.3.0a - Remote Code Execution
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
28RISK
open ↗Exploit-DB
Atlassian Confluence 6.15.1 - Directory Traversal
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RISK
open ↗Exploit-DB
eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3-Series devices allow Command Injections.
100RISK
open ↗Exploit-DB
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and passw
23RISK
open ↗Exploit-DB
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
28RISK
open ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious Jav
23RISK
open ↗Exploit-DB
Optergy 2.3.0a - Username Disclosure
Optergy Proton/Enterprise devices allow Username Disclosure.
28RISK
open ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RISK
open ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
An out-of-bounds read was addressed with improved input validation.
28RISK
open ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RISK
open ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.