Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit300
OpenSSL DTLS Fragment Buffer Overflow DoS
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
40RISK
open ↗Metasploit0
Chkrootkit Local Privilege Escalation
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute a
38RISK
open ↗Metasploit300
Ericom AccessNow Server Buffer Overflow
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RISK
open ↗Metasploit300
Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RISK
open ↗Metasploit300
D-Link info.cgi POST Request Buffer Overflow
D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE
63RISK
open ↗Metasploit300
Easy File Management Web Server Stack Buffer Overflow
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code
60RISK
open ↗Metasploit300
D-Link HNAP Request Remote Buffer Overflow
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06
60RISK
open ↗Metasploit600
Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functional
50RISK
open ↗Metasploit300
Belkin Play N750 login.cgi Buffer Overflow
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote a
50RISK
open ↗Metasploit300
AlienVault Authenticated SQL Injection Arbitrary File Read
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL
43RISK
open ↗Metasploit600
AlienVault OSSIM av-centerd Command Injection
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a
60RISK
open ↗Metasploit600
Android 'Towelroot' Futex Requeue Kernel Exploit
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two diff
98RISK
open ↗Metasploit0
Cogent DataHub Command Injection
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary
50RISK
open ↗Metasploit300
Wireshark CAPWAP Dissector DoS
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RISK
open ↗Metasploit500
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Window
100RISK
open ↗Metasploit500
Adobe Flash Player Shader Buffer Overflow
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS
60RISK
open ↗Metasploit600
AlienVault OSSIM SQL Injection and Remote Code Execution
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5
43RISK
open ↗Metasploit600
Oracle Event Processing FileUploadServlet Arbitrary File Upload
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote
50RISK
open ↗Metasploit500
Adobe Flash Player domainMemory ByteArray Use After Free
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and
60RISK
open ↗Metasploit400
Adobe Reader for Android addJavascriptInterface Exploit
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RISK
open ↗Metasploit300
Cisco ASA SSL VPN Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 be
23RISK
open ↗Metasploit600
Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrator
50RISK
open ↗Metasploit600
Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users
50RISK
open ↗Metasploit300
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
Advantech WebAccess SQL Injection
41RISK
open ↗Metasploit300
OpenSSL Heartbeat (Heartbleed) Information Leak
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open ↗Metasploit300
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open ↗Metasploit600
eScan Web Management Console Command Injection
eScan 5.5-2 Web Management Console Command Injection
63RISK
open ↗Metasploit600
Belkin Wemo UPnP Remote Code Execution
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetS
40RISK
open ↗Metasploit300
MS14-017 Microsoft Word RTF Object Confusion
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Offi
100RISK
open ↗Metasploit300
EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login reques
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.