Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
HP Data Protector Backup Client Service Remote Code Execution
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RISK
open ↗Metasploit500
SerComm Device Remote Code Execution
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x
60RISK
open ↗Metasploit300
SerComm Network Device Backdoor Detection
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x
60RISK
open ↗Metasploit300
IBM Lotus Sametime Version Enumeration
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspeci
23RISK
open ↗Metasploit300
IBM Lotus Notes Sametime Room Name Bruteforce
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine whic
18RISK
open ↗Metasploit300
IBM Lotus Notes Sametime User Enumeration
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remot
23RISK
open ↗Metasploit300
RealNetworks RealPlayer Version Attribute Buffer Overflow
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before
50RISK
open ↗Metasploit300
Adobe Flash Player Type Confusion Remote Code Execution
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2
60RISK
open ↗Metasploit300
IcoFX Stack Buffer Overflow
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISK
open ↗Metasploit500
MS13-097 Registry Symlink IE Sandbox Escape
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and conseque
43RISK
open ↗Metasploit600
ElasticSearch Dynamic Script Arbitrary Java Execution
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISK
open ↗Metasploit600
Zimbra Collaboration Server LFI
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RISK
open ↗Metasploit300
IBM Forms Viewer Unicode Buffer Overflow
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to exe
50RISK
open ↗Metasploit300
Ruby on Rails Action View MIME Memory Exhaustion
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo
23RISK
open ↗Metasploit200
Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
43RISK
open ↗Metasploit600
WordPress OptimizePress Theme File Upload Vulnerability
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-
23RISK
open ↗Metasploit200
MS14-002 Microsoft Windows ndproxy.sys Local Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges
98RISK
open ↗Metasploit300
Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary
43RISK
open ↗Metasploit300
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and tru
30RISK
open ↗Metasploit600
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload
Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE
63RISK
open ↗Metasploit300
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and Mana
23RISK
open ↗Metasploit600
Kaseya uploadImage Arbitrary File Upload
Kaseya < 6.3.0.2 uploadImage.asp Arbitrary File Upload RCE
63RISK
open ↗Metasploit300
Huawei Datacard Information Disclosure Vulnerability
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remot
18RISK
open ↗Metasploit600
ManageEngine Desktop Central AgentLogUpload Arbitrary File Upload
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before buil
60RISK
open ↗Metasploit300
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server
100RISK
open ↗Metasploit300
IBM Lotus Sametime WebPlayer DoS
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension c
18RISK
open ↗Metasploit300
Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attacker
18RISK
open ↗Metasploit300
Supermicro Onboard IPMI Static SSL Certificate Scanner
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_3
18RISK
open ↗Metasploit300
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Managemen
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.