Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
19,841 exploits
Referência
CVE-2016-3222
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a
35RISK
open ↗Referência
CVE-2016-3222
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a
35RISK
open ↗Referência
CVE-2015-4553
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
35RISK
open ↗Referência
CVE-2010-3971
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in msh
60RISK
open ↗Referência
CVE-2010-3971
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in msh
60RISK
open ↗Referência
CVE-2017-6527
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal att
50RISK
open ↗Referência
Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 200
35RISK
open ↗Referência
Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 200
35RISK
open ↗Referência
CVE-2015-3080
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows
35RISK
open ↗Referência
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read ar
50RISK
open ↗Referência
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read ar
50RISK
open ↗Referência
Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Remote Buffer Overflow
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used
50RISK
open ↗Referência
CVE-2016-0784
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1
35RISK
open ↗Referência
CVE-2016-0784
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1
35RISK
open ↗Referência
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISK
open ↗Referência
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISK
open ↗Referência
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISK
open ↗Referência
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Overflow
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSC
35RISK
open ↗Referência
CVE-2015-1701
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RISK
open ↗Referência
CVE-2015-1701
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RISK
open ↗Referência★ 19
watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
75RISK
open ↗Referência
CVE-2015-0313
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows
100RISK
open ↗Referência
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbit
35RISK
open ↗Referência
TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RISK
open ↗Referência
CVE-2017-6019
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830
35RISK
open ↗Referência
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbit
35RISK
open ↗Referência
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗Referência
CVE-2010-1472
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attac
43RISK
open ↗Referência
CVE-2010-2115
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted
50RISK
open ↗Referência
CVE-2019-5825
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.