Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
CVE-2018-13379CRITICALunder attackransomware19 Aug 2019
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISK
open
Exploit-DB
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
CVE-2018-13379CRITICALunder attackransomware19 Aug 2019
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISK
open
Exploit-DB
Webmin 1.920 - Remote Code Execution
CVE-2019-15107CRITICALunder attackransomware19 Aug 2019
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream
CVE-2019-802415 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx
CVE-2019-1148MEDIUM15 Aug 2019
Microsoft Graphics Component Information Disclosure Vulnerability
33RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1
CVE-2019-1153MEDIUM15 Aug 2019
Microsoft Graphics Component Information Disclosure Vulnerability
33RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
CVE-2019-1145HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList
CVE-2019-1144HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
CVE-2019-1152HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream
CVE-2019-804815 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
35RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
CVE-2019-1150HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
CVE-2019-1150HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables
CVE-2019-1149HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed Font Stream
CVE-2019-804915 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String
CVE-2019-866315 Aug 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker
23RISK
open
Exploit-DB
Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts
CVE-2019-801715 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators
CVE-2019-801615 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF
CVE-2019-805015 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
35RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream
CVE-2019-804515 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream
CVE-2019-804415 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
CVE-2019-1151HIGH15 Aug 2019
Microsoft Graphics Remote Code Execution Vulnerability
46RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font
CVE-2019-804215 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream
CVE-2019-804315 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream
CVE-2019-804615 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll
CVE-2019-804115 Aug 2019
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 20
28RISK
open
Exploit-DB
TortoiseSVN 1.12.1 - Remote Code Execution
CVE-2019-1442214 Aug 2019
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel w
28RISK
open
Exploit-DB
D-Link DIR-600M - Authentication Bypass (Metasploit)
CVE-2019-1310114 Aug 2019
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without
50RISK
open
Exploit-DB
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
CVE-2019-1225512 Aug 2019
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RISK
open
Exploit-DB
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
CVE-2019-1480412 Aug 2019
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template
23RISK
open
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
CVE-2019-1493112 Aug 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.