Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Linksys WRT120N tmUnblock Stack Buffer Overflow
CVE-2014-125122MEDIUM19 Feb 2014
Linksys WRT120N tmUnblock.cgi Stack-Based Buffer Overflow Admin Password Reset
28RISK
open
Metasploit600
Linksys E-Series TheMoon Remote Command Injection
CVE-2025-34037CRITICAL13 Feb 2014
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
85RISK
open
Metasploit300
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
CVE-2014-0322HIGHunder attack13 Feb 2014
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code v
100RISK
open
Metasploit600
Fritz!Box Webcm Unauthenticated Command Injection
CVE-2014-972711 Feb 2014
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter t
60RISK
open
Metasploit500
MS14-009 .NET Deployment Service IE Sandbox Escape
CVE-2014-025711 Feb 2014
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it
50RISK
open
Metasploit300
Apache Commons FileUpload and Apache Tomcat DoS
CVE-2014-005006 Feb 2014
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products,
60RISK
open
Metasploit300
Adobe Flash Player Integer Underflow Remote Code Execution
CVE-2014-0497HIGHunder attack05 Feb 2014
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Ma
100RISK
open
Metasploit300
Publish-It PUI Buffer Overflow (SEH)
CVE-2014-098005 Feb 2014
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI f
50RISK
open
Metasploit600
Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution
CVE-2014-125121CRITICAL03 Feb 2014
Array Networks vAPV and vxAG Default Credential Privilege Escalation
43RISK
open
Metasploit400
Linux Kernel recvmmsg Privilege Escalation
CVE-2014-003802 Feb 2014
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo
50RISK
open
Metasploit600
Pandora FMS Default Credential / SQLi Remote Code Execution
CVE-2014-125115CRITICAL01 Feb 2014
Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
63RISK
open
Metasploit600
Zpanel Remote Unauthenticated RCE
CVE-2013-209730 Jan 2014
ZPanel through 10.1.0 has Remote Command Execution
43RISK
open
Metasploit600
Pandora FMS Remote Code Execution
CVE-2014-125124CRITICAL29 Jan 2014
Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection
63RISK
open
Metasploit0
Kloxo SQL Injection and Remote Code Execution
CVE-2014-125123CRITICAL28 Jan 2014
Kloxo < 6.1.12 Unauthenticated SQL Injection RCE
43RISK
open
Metasploit600
SkyBlueCanvas CMS Remote Code Execution
CVE-2014-168328 Jan 2014
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248
50RISK
open
Metasploit300
A10 Networks AX Loadbalancer Directory Traversal
CVE-2014-125125HIGH28 Jan 2014
A10 Networks AX Loadbalancer Path Traversal
36RISK
open
Metasploit600
MediaWiki Thumb.php Remote Command Execution
CVE-2014-161028 Jan 2014
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is
50RISK
open
Metasploit300
ManageEngine Support Center Plus Directory Traversal
CVE-2014-10000228 Jan 2014
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arb
50RISK
open
Metasploit600
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
CVE-2014-075023 Jan 2014
GE Proficy HMI/SCADA Path Traversal
78RISK
open
Metasploit600
Simple E-Document Arbitrary File Upload
CVE-2014-125126CRITICAL23 Jan 2014
Simple E-Document Arbitrary File Upload RCE
63RISK
open
Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
CVE-2014-863620 Jan 2014
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
50RISK
open
Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
CVE-2015-080220 Jan 2014
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RISK
open
Metasploit300
Mac OS X Safari file:// Redirection Sandbox Escape
CVE-2015-115516 Jan 2014
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allo
23RISK
open
Metasploit500
Oracle Forms and Reports Remote Code Execution
CVE-2012-315315 Jan 2014
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISK
open
Metasploit500
Oracle Forms and Reports Remote Code Execution
CVE-2012-3152CRITICALunder attack15 Jan 2014
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISK
open
Metasploit400
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
CVE-2013-282714 Jan 2014
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before
50RISK
open
Metasploit500
HP AutoPass License Server File Upload
CVE-2013-622110 Jan 2014
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RISK
open
Metasploit600
GetSimpleCMS PHP File Upload Vulnerability
CVE-2013-10032HIGH04 Jan 2014
GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload
36RISK
open
Metasploit500
HP Client Automation Command Injection
CVE-2015-149702 Jan 2014
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open
Metasploit600
HP Data Protector Backup Client Service Remote Code Execution
CVE-2013-234702 Jan 2014
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.