Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2026-9815
MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
33RISK
open ↗Referência
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISK
open ↗Referência
CVE-2026-8383
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
48RISK
open ↗Referência
CVE-2026-55706
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values f
33RISK
open ↗Referência
CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISK
open ↗Referência
CVE-2025-20281
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
100RISK
open ↗Referência
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗Referência★ 64
FortiWeb CVE-2025-25257 exploit
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗Referência
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗Referência
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RISK
open ↗Referência
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISK
open ↗Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISK
open ↗Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open ↗Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open ↗Referência
CVE-2023-33246
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open ↗Referência
CVE-2023-33246
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open ↗Referência★ 104
CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open ↗Referência
CVE-2009-0927
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows r
100RISK
open ↗Referência
CVE-2023-46747
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RISK
open ↗Referência
CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISK
open ↗Referência
CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open ↗Referência
CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open ↗Referência
CVE-2017-17562
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISK
open ↗Referência
CVE-2026-7229
code-projects Coaching Management System POST reply.php sql injection
33RISK
open ↗Referência
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open ↗Referência
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open ↗Referência
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open ↗Referência
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.