Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2026-9815
MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
33RISK
open
Referência
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISK
open
Referência
CVE-2026-8383
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
48RISK
open
Referência
CVE-2026-8089
weMail < 2.1.3 - Reflected Cross-Site Scripting
41RISK
open
Referência
CVE-2026-55706
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values f
33RISK
open
Referência
CVE-2025-54236
CVE-2025-54236CRITICALunder attack
Adobe Commerce | Improper Input Validation (CWE-20)
100RISK
open
Referência
CVE-2021-22502
CVE-2021-22502CRITICALunder attack
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISK
open
Referência
CVE-2025-20281
CVE-2025-20281CRITICALunder attack
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
100RISK
open
Referência
CVE-2025-25257
CVE-2025-25257CRITICALunder attack
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
Referência64
FortiWeb CVE-2025-25257 exploit
CVE-2025-25257CRITICALunder attack
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
Referência
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
CVE-2025-25257CRITICALunder attack
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
Referência
CVE-2020-25223
CVE-2020-25223CRITICALunder attack
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RISK
open
Referência
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISK
open
Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISK
open
Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open
Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open
Referência
CVE-2023-33246
CVE-2023-33246CRITICALunder attack
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open
Referência
CVE-2023-33246
CVE-2023-33246CRITICALunder attack
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open
Referência104
CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit
CVE-2023-33246CRITICALunder attack
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open
Referência
CVE-2009-0927
CVE-2009-0927HIGHunder attack
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows r
100RISK
open
Referência
CVE-2023-46747
CVE-2023-46747CRITICALunder attackransomware
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RISK
open
Referência
CVE-2020-8260
CVE-2020-8260HIGHunder attack
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISK
open
Referência
CVE-2020-11651
CVE-2020-11651CRITICALunder attack
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open
Referência
CVE-2020-11651
CVE-2020-11651CRITICALunder attack
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open
Referência
CVE-2017-17562
CVE-2017-17562HIGHunder attack
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISK
open
Referência
CVE-2026-7229
code-projects Coaching Management System POST reply.php sql injection
33RISK
open
Referência
CVE-2018-20250
CVE-2018-20250HIGHunder attackransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open
Referência
CVE-2018-20250
CVE-2018-20250HIGHunder attackransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open
Referência
CVE-2018-20250
CVE-2018-20250HIGHunder attackransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open
Referência
CVE-2021-25298
CVE-2021-25298HIGHunder attack
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.