Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,841 exploits
Referência
CVE-2010-2343
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbi
50RISK
open
Referência
CVE-2023-24078
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the c
53RISK
open
Referência
CVE-2019-0541
CVE-2019-0541HIGHunder attack
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML E
83RISK
open
Referência
CVE-2008-3922
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences
50RISK
open
Referência
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences
50RISK
open
Referência
CVE-2019-9760
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-cont
50RISK
open
Referência
helplink 0.1.0 - 'show.php' Remote File Inclusion
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute a
35RISK
open
Referência
CVE-2016-7434
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a craf
35RISK
open
Referência
CVE-2021-41381
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
50RISK
open
Referência
CVE-2021-41381
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
50RISK
open
Referência
Payara Micro Community 5.2021.6 - Directory Traversal
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
50RISK
open
Referência
CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RISK
open
Referência
CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RISK
open
Referência
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from t
35RISK
open
Referência
CVE-2020-1054
CVE-2020-1054HIGHunder attack
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
98RISK
open
Referência
Ajax File Browser 3b - 'settings.inc.php?approot' Remote File Inclusion
PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attacker
35RISK
open
Referência
Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Wor
35RISK
open
Referência
CVE-2017-13772
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated
35RISK
open
Referência
CVE-2017-13772
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated
35RISK
open
Referência
CVE-2017-8734
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arb
35RISK
open
Referência
CVE-2023-27823
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid cr
60RISK
open
Referência
CVE-2016-0710
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attacker
50RISK
open
Referência
CVE-2016-0710
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attacker
50RISK
open
Referência
CVE-2012-4031
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attacke
50RISK
open
Referência
CVE-2019-8953
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, re
35RISK
open
Referência
CVE-2019-13272
CVE-2019-13272HIGHunder attack
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open
Referência
CVE-2019-13272
CVE-2019-13272HIGHunder attack
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open
Referência
CVE-2019-13272
CVE-2019-13272HIGHunder attack
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open
Referência
CVE-2019-13272
CVE-2019-13272HIGHunder attack
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open
Referência
CVE-2019-13272
CVE-2019-13272HIGHunder attack
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.