Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
CVE-2019-1047508 Nov 2019
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML
50RISK
open
Exploit-DB
Adive Framework 2.0.7 - Privilege Escalation
CVE-2019-1434708 Nov 2019
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an ad
23RISK
open
Exploit-DB
rConfig - install Command Execution (Metasploit)
CVE-2019-1666208 Nov 2019
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISK
open
Exploit-DB
Android Janus - APK Signature Bypass (Metasploit)
CVE-2017-1315608 Nov 2019
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,
43RISK
open
Exploit-DB
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
CVE-2019-882005 Nov 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPad
23RISK
open
Exploit-DB
Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)
CVE-2019-1166004 Nov 2019
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RISK
open
Exploit-DB
Nostromo - Directory Traversal Remote Command Execution (Metasploit)
CVE-2019-16278CRITICALunder attack01 Nov 2019
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISK
open
Exploit-DB
Apache Solr 8.2.0 - Remote Code Execution
CVE-2019-17558HIGHunder attack01 Nov 2019
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISK
open
Exploit-DB
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
CVE-2019-397831 Oct 2019
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queri
28RISK
open
Exploit-DB
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
CVE-2019-876530 Oct 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Proc
23RISK
open
Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
CVE-2015-000829 Oct 2019
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Wind
28RISK
open
Exploit-DB
rConfig 3.9.2 - Remote Code Execution
CVE-2019-1666229 Oct 2019
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISK
open
Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
CVE-2015-000929 Oct 2019
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, W
23RISK
open
Exploit-DB
PHP-FPM + Nginx - Remote Code Execution
CVE-2019-11043HIGHunder attackransomware28 Oct 2019
Underflow in PHP-FPM can lead to RCE
100RISK
open
Exploit-DB
ClonOs WEB UI 19.09 - Improper Access Control
CVE-2019-1841825 Oct 2019
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be
23RISK
open
Exploit-DB
Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
CVE-2019-13272HIGHunder attack24 Oct 2019
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open
Exploit-DB
Rocket.Chat 2.1.0 - Cross-Site Scripting
CVE-2019-1722023 Oct 2019
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
23RISK
open
Exploit-DB
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
CVE-2019-1595422 Oct 2019
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RISK
open
Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure
CVE-2019-1096922 Oct 2019
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthor
23RISK
open
Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure
CVE-2019-1096322 Oct 2019
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from
23RISK
open
Exploit-DB
Solaris 11.4 - xscreensaver Privilege Escalation
CVE-2019-3010HIGHunder attack21 Oct 2019
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)
CVE-2019-819721 Oct 2019
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RISK
open
Exploit-DB
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
CVE-2019-949121 Oct 2019
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to
28RISK
open
Exploit-DB
ThinVNC 1.0b1 - Authentication Bypass
CVE-2019-1766217 Oct 2019
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISK
open
Exploit-DB
Whatsapp 2.19.216 - Remote Code Execution
CVE-2019-1193216 Oct 2019
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version
35RISK
open
Exploit-DB
sudo 1.8.27 - Security Bypass
CVE-2019-1428715 Oct 2019
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and se
35RISK
open
Exploit-DB
Kirona-DRS 5.5.3.5 - Information Disclosure
CVE-2019-1750414 Oct 2019
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vuln
23RISK
open
Exploit-DB
Apache Httpd mod_rewrite - Open Redirects
CVE-2019-1009814 Oct 2019
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential m
60RISK
open
Exploit-DB
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
CVE-2019-1009214 Oct 2019
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page
60RISK
open
Exploit-DB
Kirona-DRS 5.5.3.5 - Information Disclosure
CVE-2019-1750314 Oct 2019
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.