Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
CVE-2013-7331MEDIUMunder attack09 Sep 2014
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the exist
70RISK
open
Metasploit600
ManageEngine Eventlog Analyzer Arbitrary File Upload
CVE-2014-603731 Aug 2014
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RISK
open
Metasploit600
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
CVE-2014-500531 Aug 2014
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers
60RISK
open
Metasploit600
ActualAnalyzer 'ant' Cookie Command Execution
CVE-2014-5470CRITICAL28 Aug 2014
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for pa
68RISK
open
Metasploit300
ManageEngine DeviceExpert User Credentials
CVE-2014-537728 Aug 2014
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user acc
50RISK
open
Metasploit600
Wordpress SlideShow Gallery Authenticated File Upload
CVE-2014-546028 Aug 2014
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remot
60RISK
open
Metasploit600
Railo Remote File Include
CVE-2014-546826 Aug 2014
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cf
50RISK
open
Metasploit300
NTP Mode 6 UNSETTRAP DRDoS Scanner
CVE-2013-521125 Aug 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISK
open
Metasploit300
Netcore Router Udp 53413 Backdoor
CVE-2025-34117CRITICAL25 Aug 2014
Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
68RISK
open
Metasploit300
NTP Mode 7 PEER_LIST DoS Scanner
CVE-2013-521125 Aug 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISK
open
Metasploit300
NTP Mode 6 REQ_NONCE DRDoS Scanner
CVE-2013-521125 Aug 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISK
open
Metasploit300
NTP Mode 7 GET_RESTRICT DRDoS Scanner
CVE-2013-521125 Aug 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISK
open
Metasploit300
NTP Mode 7 PEER_LIST_SUM DoS Scanner
CVE-2013-521125 Aug 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISK
open
Metasploit600
SolarWinds Storage Manager Authentication Bypass
CVE-2015-537119 Aug 2014
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scr
40RISK
open
Metasploit300
Yokogawa BKBCopyD.exe Client
CVE-2014-520809 Aug 2014
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00
23RISK
open
Metasploit300
Wordpress XMLRPC DoS
CVE-2014-526606 Aug 2014
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, doe
23RISK
open
Metasploit0
HybridAuth install.php PHP Code Execution
CVE-2014-125116CRITICAL04 Aug 2014
HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
63RISK
open
Metasploit600
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
CVE-2014-497724 Jul 2014
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute
60RISK
open
Metasploit300
BulletProof FTP Client BPS Buffer Overflow
CVE-2014-297324 Jul 2014
15RISK
open
Metasploit200
MQAC.sys Arbitrary Write Privilege Escalation
CVE-2014-497122 Jul 2014
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write
43RISK
open
Metasploit200
MS14-062 Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
CVE-2014-497118 Jul 2014
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write
43RISK
open
Metasploit300
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
CVE-2014-236417 Jul 2014
Advantech WebAccess Stack-Based Buffer Overflow
68RISK
open
Metasploit200
VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
CVE-2014-247715 Jul 2014
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.2
38RISK
open
Metasploit300
Flash "Rosetta" JSONP GET/POST Response Disclosure
CVE-2014-467108 Jul 2014
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Ad
23RISK
open
Metasploit600
Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
CVE-2014-472501 Jul 2014
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authen
50RISK
open
Metasploit600
Gitlist Unauthenticated Remote Command Execution
CVE-2014-451130 Jun 2014
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RISK
open
Metasploit600
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution
CVE-2014-507325 Jun 2014
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands
60RISK
open
Metasploit600
Wing FTP Server Authenticated Command Execution
CVE-2025-47812CRITICALunder attack19 Jun 2014
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISK
open
Metasploit600
ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection
CVE-2014-399608 Jun 2014
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central
50RISK
open
Metasploit300
OpenSSL DTLS Fragment Buffer Overflow DoS
CVE-2014-019505 Jun 2014
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
40RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.