Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
FusionPBX 4.4.8 - Remote Code Execution
CVE-2019-1502906 Sep 2019
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service
28RISK
open
Exploit-DB
AwindInc SNMP Service - Command Injection (Metasploit)
CVE-2017-1670905 Sep 2019
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RISK
open
Exploit-DB
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
CVE-2019-15889MEDIUM04 Sep 2019
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by t
53RISK
open
Exploit-DB
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
CVE-2019-1067704 Sep 2019
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devic
23RISK
open
Exploit-DB
Cisco UCS Director - default scpuser password (Metasploit)
CVE-2019-1935CRITICAL03 Sep 2019
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISK
open
Exploit-DB
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)
CVE-2019-1663CRITICAL03 Sep 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-1622MEDIUM03 Sep 2019
Cisco Data Center Network Manager Information Disclosure Vulnerability
70RISK
open
Exploit-DB
ktsuss 1.4 - suid Privilege Escalation (Metasploit)
CVE-2011-292103 Sep 2019
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified com
60RISK
open
Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-1619CRITICAL03 Sep 2019
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RISK
open
Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-1620CRITICAL03 Sep 2019
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISK
open
Exploit-DB
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
CVE-2019-1323602 Sep 2019
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the man
23RISK
open
Exploit-DB
Craft CMS 2.7.9/3.2.5 - Information Disclosure
CVE-2019-1428002 Sep 2019
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images whe
23RISK
open
Exploit-DB
Alkacon OpenCMS 10.5.x - Local File inclusion
CVE-2019-1323702 Sep 2019
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an atta
23RISK
open
Exploit-DB
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
CVE-2019-1323402 Sep 2019
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
23RISK
open
Exploit-DB
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
CVE-2019-1323502 Sep 2019
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
23RISK
open
Exploit-DB
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
CVE-2019-101012430 Aug 2019
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to
23RISK
open
Exploit-DB
Canon PRINT 2.5.5 - Information Disclosure
CVE-2019-1433930 Aug 2019
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly res
23RISK
open
Exploit-DB
Asus Precision TouchPad 11.0.0.25 - Denial of Service
CVE-2019-1070930 Aug 2019
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP devic
28RISK
open
Exploit-DB
DomainMod 4.13 - Cross-Site Scripting
CVE-2019-1581130 Aug 2019
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
38RISK
open
Exploit-DB
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
CVE-2019-868929 Aug 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
28RISK
open
Exploit-DB
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
CVE-2019-908328 Aug 2019
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is
28RISK
open
Exploit-DB
Tableau - XML External Entity
CVE-2019-15637HIGH27 Aug 2019
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to informat
46RISK
open
Exploit-DB
Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
CVE-2019-10149CRITICALunder attack26 Aug 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open
Exploit-DB
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
CVE-2019-1022726 Aug 2019
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
23RISK
open
Exploit-DB
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
CVE-2019-1509226 Aug 2019
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in
23RISK
open
Exploit-DB
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
CVE-2019-1170HIGH26 Aug 2019
Windows NTFS Elevation of Privilege Vulnerability
41RISK
open
Exploit-DB
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
CVE-2019-1101323 Aug 2019
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow
43RISK
open
Exploit-DB
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
CVE-2019-11510CRITICALunder attackransomware21 Aug 2019
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RISK
open
Exploit-DB
LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)
CVE-2019-985121 Aug 2019
LibreLogo global-event script execution
60RISK
open
Exploit-DB
QEMU - Denial of Service
CVE-2019-1437820 Aug 2019
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a cas
28RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.