Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
CVE-2019-1492712 Aug 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RISK
open
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
CVE-2019-1493112 Aug 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RISK
open
Exploit-DB
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
CVE-2019-1225512 Aug 2019
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RISK
open
Exploit-DB
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
CVE-2019-1362312 Aug 2019
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive)
23RISK
open
Exploit-DB
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
CVE-2014-403512 Aug 2019
Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0
23RISK
open
Exploit-DB
Adive Framework 2.0.7 - Cross-Site Request Forgery
CVE-2019-1434608 Aug 2019
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
23RISK
open
Exploit-DB
Aptana Jaxer 1.0.3.4547 - Local File inclusion
CVE-2019-1431208 Aug 2019
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This v
43RISK
open
Exploit-DB
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
CVE-2019-1469608 Aug 2019
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
43RISK
open
Exploit-DB
WordPress Plugin JoomSport 3.3 - SQL Injection
CVE-2019-1434807 Aug 2019
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via
28RISK
open
Exploit-DB
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
CVE-2018-133505 Aug 2019
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RISK
open
Exploit-DB
macOS iMessage - Heap Overflow when Deserializing
CVE-2019-866105 Aug 2019
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A rem
28RISK
open
Exploit-DB
SilverSHielD 6.x - Local Privilege Escalation
CVE-2019-1306901 Aug 2019
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The
23RISK
open
Exploit-DB
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
CVE-2019-286131 Jul 2019
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported versi
23RISK
open
Exploit-DB
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
CVE-2019-867230 Jul 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
28RISK
open
Exploit-DB
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
CVE-2019-394830 Jul 2019
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
28RISK
open
Exploit-DB
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
CVE-2019-866230 Jul 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RISK
open
Exploit-DB
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
CVE-2019-867130 Jul 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
23RISK
open
Exploit-DB
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
CVE-2019-864730 Jul 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchO
28RISK
open
Exploit-DB
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
CVE-2019-866030 Jul 2019
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10
28RISK
open
Exploit-DB
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
CVE-2019-864630 Jul 2019
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.
28RISK
open
Exploit-DB
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
CVE-2019-1432829 Jul 2019
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
23RISK
open
Exploit-DB
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
CVE-2019-681429 Jul 2019
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RISK
open
Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
CVE-2019-1026726 Jul 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RISK
open
Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
CVE-2019-1026626 Jul 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL
28RISK
open
Exploit-DB
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
CVE-2019-1132HIGHunder attack26 Jul 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
71RISK
open
Exploit-DB
Moodle Filepicker 3.5.2 - Server Side Request Forgery
CVE-2018-104226 Jul 2019
Moodle 3.x has Server Side Request Forgery in the filepicker.
28RISK
open
Exploit-DB
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
CVE-2019-1026726 Jul 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RISK
open
Exploit-DB
pdfresurrect 0.15 - Buffer Overflow
CVE-2019-1426726 Jul 2019
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is misha
23RISK
open
Exploit-DB
Ovidentia 8.4.3 - Cross-Site Scripting
CVE-2019-1397725 Jul 2019
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=crea
23RISK
open
Exploit-DB
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
CVE-2019-864925 Jul 2019
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.