Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
19,841 exploits
Referência
MKPortal NoBoard Module (Beta) - Remote File Inclusion
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attack
35RISK
open ↗Referência
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the
68RISK
open ↗Referência
CVE-2017-16249
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST requ
50RISK
open ↗Referência
CVE-2017-16249
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST requ
50RISK
open ↗Referência
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISK
open ↗Referência
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISK
open ↗Referência
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISK
open ↗Referência
CVE-2015-1172
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 a
50RISK
open ↗Referência
Avahi < 0.6.24 - mDNS Daemon Remote Denial of Service
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 al
50RISK
open ↗Referência
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISK
open ↗Referência
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISK
open ↗Referência
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISK
open ↗Referência
Racer 0.5.3 Beta 5 - Remote Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbit
50RISK
open ↗Referência
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privilege
50RISK
open ↗Referência
Dayfox Blog 4 - 'postpost.php' Remote Code Execution
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute
35RISK
open ↗Referência
CVE-2016-9796
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP pro
28RISK
open ↗Referência
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privilege
50RISK
open ↗Referência
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Prof
50RISK
open ↗Referência
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Prof
50RISK
open ↗Referência
Microsoft Windows - SmbRelay3 NTLM Replay (MS08-068)
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 20
50RISK
open ↗Referência
CVE-2020-3187
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RISK
open ↗Referência
CVE-2008-2463
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snaps
50RISK
open ↗Referência
CVE-2017-17562
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISK
open ↗Referência
CVE-2018-6065
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Ch
83RISK
open ↗Referência
ASP.NET w3wp - COM Components Remote Crash
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM com
35RISK
open ↗Referência
CVE-2021-33393
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISK
open ↗Referência
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary
50RISK
open ↗Referência
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.