Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,166cataloged exploits
31,689CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Oracle Weblogic Server Deserialization RCE - Raw Object
CVE-2015-4852CRITICALunder attack28 Jan 2015
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open
Metasploit500
Exim GHOST (glibc gethostbyname) Buffer Overflow
CVE-2015-023527 Jan 2015
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
60RISK
open
Metasploit600
IPass Control Pipe Remote Command Execution
CVE-2015-092521 Jan 2015
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via
50RISK
open
Metasploit600
WordPress Platform Theme File Upload Vulnerability
CVE-2015-10143CRITICAL21 Jan 2015
Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update
43RISK
open
Metasploit300
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
CVE-2014-659320 Jan 2015
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.
50RISK
open
Metasploit600
WordPress Pixabay Images PHP Code Upload
CVE-2015-137619 Jan 2015
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remot
50RISK
open
Metasploit400
MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
CVE-2015-0016HIGHunder attack13 Jan 2015
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISK
open
Metasploit600
WordPress WP EasyCart Unrestricted File Upload
CVE-2014-930808 Jan 2015
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka Wor
50RISK
open
Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
CVE-2015-092106 Jan 2015
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x
23RISK
open
Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
CVE-2015-092206 Jan 2015
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers'
23RISK
open
Metasploit600
ASUS infosvr Auth Bypass Command Execution
CVE-2014-958304 Jan 2015
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC
60RISK
open
Metasploit300
ManageEngine Desktop Central Administrator Account Creation
CVE-2014-786231 Dec 2014
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote at
60RISK
open
Metasploit300
Achat Unicode SEH Buffer Overflow
CVE-2025-34127CRITICAL18 Dec 2014
Achat v0.150 SEH Buffer Overflow via UDP
63RISK
open
Metasploit600
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
CVE-2014-939018 Dec 2014
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS
30RISK
open
Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
CVE-2014-922217 Dec 2014
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RISK
open
Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
CVE-2014-922217 Dec 2014
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RISK
open
Metasploit400
Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution
CVE-2014-493616 Dec 2014
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE)
43RISK
open
Metasploit600
Symantec Web Gateway 5 restore.php Post Authentication Command Injection
CVE-2014-728516 Dec 2014
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISK
open
Metasploit600
ManageEngine Multiple Products Authenticated File Upload
CVE-2014-530115 Dec 2014
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISK
open
Metasploit600
WordPress WP Symposium 14.11 Shell Upload
CVE-2014-1002111 Dec 2014
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote
50RISK
open
Metasploit300
BMC TrackIt! Unauthenticated Arbitrary User Password Change
CVE-2014-827009 Dec 2014
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose na
23RISK
open
Metasploit600
Lexmark MarkVision Enterprise Arbitrary File Upload
CVE-2014-874109 Dec 2014
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allo
60RISK
open
Metasploit600
ProjectSend Arbitrary File Upload
CVE-2014-956702 Dec 2014
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RISK
open
Metasploit300
ManageEngine NetFlow Analyzer Arbitrary File Download
CVE-2014-544530 Nov 2014
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 a
60RISK
open
Metasploit600
Tuleap PHP Unserialize Code Execution
CVE-2014-879127 Nov 2014
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated
43RISK
open
Metasploit600
WordPress RevSlider File Upload and Execute Vulnerability
CVE-2014-973526 Nov 2014
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier
60RISK
open
Metasploit300
Adobe Flash Player PCRE Regex Vulnerability
CVE-2015-031825 Nov 2014
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442
60RISK
open
Metasploit300
Arris VAP2500 tools_command.php Command Execution
CVE-2014-842425 Nov 2014
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authenticatio
50RISK
open
Metasploit300
Arris VAP2500 tools_command.php Command Execution
CVE-2014-842325 Nov 2014
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute ar
50RISK
open
Metasploit300
WordPress Long Password DoS
CVE-2014-901620 Nov 2014
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.