Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,841 exploits
Referência
Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC)
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions befo
50RISK
open
Referência
Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions befo
50RISK
open
Referência
CVE-2017-8635
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Serve
35RISK
open
Referência
CVE-2018-0935
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Se
35RISK
open
Referência
CVE-2019-11708
CVE-2019-11708CRITICALunder attack
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result
90RISK
open
Referência
CVE-2019-7255
Linear eMerge E3-Series devices allow XSS.
50RISK
open
Referência
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Execution
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
50RISK
open
Referência
CVE-2019-8387
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
35RISK
open
Referência
CVE-2022-21882
CVE-2022-21882HIGHunder attack
Win32k Elevation of Privilege Vulnerability
98RISK
open
Referência
CVE-2014-7236
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary
50RISK
open
Referência
CVE-2014-4114
CVE-2014-4114HIGHunder attack
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
100RISK
open
Referência
CVE-2018-17440
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves b
35RISK
open
Referência
CVE-2017-13872
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The is
50RISK
open
Referência
CVE-2017-13872
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The is
50RISK
open
Referência
CVE-2015-3042
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
35RISK
open
Referência
CVE-2020-10221
CVE-2020-10221HIGHunder attack
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands vi
83RISK
open
Referência
CVE-2010-1472
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attac
43RISK
open
Referência
CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user
60RISK
open
Referência
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code
60RISK
open
Referência
WonderCMS 3.4.2 - Remote Code Execution (RCE)
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code
60RISK
open
Referência
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin c
35RISK
open
Referência
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin c
35RISK
open
Referência
Roundcube Webmail 0.2-3 Beta - Code Execution
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail)
35RISK
open
Referência
Roundcube Webmail 0.2b - Remote Code Execution
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail)
35RISK
open
Referência
CVE-2016-3325
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted w
35RISK
open
Referência
Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service o
50RISK
open
Referência
CVE-2017-11810
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Window
35RISK
open
Referência
CVE-2018-8831
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/s
35RISK
open
Referência
CVE-2018-4233
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISK
open
Referência
CVE-2018-4233
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.