Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
19,841 exploits
Referência
CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow re
50RISK
open ↗Referência
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description fiel
35RISK
open ↗Referência
CVE-2018-0780
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtai
35RISK
open ↗Referência
phpRealty 0.02 - 'MGR' Multiple Remote File Inclusions
Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP cod
35RISK
open ↗Referência
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers t
35RISK
open ↗Referência
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers t
35RISK
open ↗Referência
CVE-2015-7601
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RISK
open ↗Referência
CVE-2015-7601
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RISK
open ↗Referência
CVE-2018-6605
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, get
50RISK
open ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISK
open ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISK
open ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISK
open ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISK
open ↗Referência
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RISK
open ↗Referência
CVE-2009-2485
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a
50RISK
open ↗Referência
HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as u
35RISK
open ↗Referência
XMPlay 3.3.0.4 - '.M3U' Filename Local Buffer Overflow
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via
50RISK
open ↗Referência
CVE-2017-8618
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server
35RISK
open ↗Referência
CVE-2012-4177
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -
50RISK
open ↗Referência
CVE-2025-2746
Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
100RISK
open ↗Referência
CVE-2025-2746
Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
100RISK
open ↗Referência
CVE-2021-46381
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd]
50RISK
open ↗Referência
eNetman 20050830 - 'index.php' Remote File Inclusion
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code
35RISK
open ↗Referência
CVE-2022-30075
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RISK
open ↗Referência
CVE-2018-12634
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/lo
50RISK
open ↗Referência
CVE-2019-10475
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML
50RISK
open ↗Referência
CVE-2016-6515
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
35RISK
open ↗Referência
CVE-2016-6515
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
35RISK
open ↗Referência
CVE-2016-3078
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denia
35RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.