Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit400
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
CVE-2013-362306 Nov 2013
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Managemen
60RISK
open
Metasploit200
MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow
CVE-2013-3906HIGHunder attack05 Nov 2013
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compati
100RISK
open
Metasploit600
Gitlab-shell Code Execution
CVE-2013-449004 Nov 2013
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x
50RISK
open
Metasploit300
Watermark Master Buffer Overflow (SEH)
CVE-2013-693501 Nov 2013
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a
50RISK
open
Metasploit600
Apache Roller OGNL Injection
CVE-2013-421231 Oct 2013
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute
60RISK
open
Metasploit600
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
CVE-2013-695531 Oct 2013
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before
60RISK
open
Metasploit600
Zabbix Authenticated Remote Command Execution
CVE-2013-362830 Oct 2013
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
50RISK
open
Metasploit600
OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
CVE-2013-3632HIGH30 Oct 2013
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users
68RISK
open
Metasploit500
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
CVE-2014-391430 Oct 2013
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows
60RISK
open
Metasploit300
Openbravo ERP XXE Arbitrary File Read
CVE-2013-361730 Oct 2013
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML
43RISK
open
Metasploit600
HP LoadRunner EmulationAdmin Web Service Directory Traversal
CVE-2013-483730 Oct 2013
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arb
50RISK
open
Metasploit600
ISPConfig Authenticated Arbitrary PHP Code Execution
CVE-2013-362930 Oct 2013
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
50RISK
open
Metasploit600
vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution
CVE-2013-359130 Oct 2013
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
50RISK
open
Metasploit500
HP SiteScope issueSiebelCmd Remote Code Execution
CVE-2013-483530 Oct 2013
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authenti
60RISK
open
Metasploit600
Moodle Authenticated Spelling Binary RCE
CVE-2013-363030 Oct 2013
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell
50RISK
open
Metasploit500
NAS4Free Arbitrary Remote Code Execution
CVE-2013-363130 Oct 2013
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.p
43RISK
open
Metasploit600
Moodle Authenticated Spelling Binary RCE
CVE-2013-434130 Oct 2013
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, an
43RISK
open
Metasploit300
VideoCharge Studio Buffer Overflow (SEH)
CVE-2025-34123HIGH27 Oct 2013
VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File
36RISK
open
Metasploit600
ProcessMaker Open Source Authenticated PHP Code Execution
CVE-2013-10035HIGH24 Oct 2013
ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution
36RISK
open
Metasploit600
VICIdial Manager Send OS Command Injection
CVE-2013-446823 Oct 2013
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execut
50RISK
open
Metasploit600
VICIdial Manager Send OS Command Injection
CVE-2013-446723 Oct 2013
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-40
50RISK
open
Metasploit300
Node.js HTTP Pipelining Denial of Service
CVE-2013-445018 Oct 2013
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
30RISK
open
Metasploit600
WebTester 5.x Command Execution
CVE-2013-10037CRITICAL17 Oct 2013
WebTester 5.x install2.php Unauthenticated Command Execution
63RISK
open
Metasploit300
Beetel Connection Manager NetConfig.ini Buffer Overflow
CVE-2013-10036HIGH12 Oct 2013
Beetel Connection Manager NetConfig.ini Stack-Based Buffer Overflow
36RISK
open
Metasploit300
Android Settings Remove Device Locks (4.0-4.3)
CVE-2013-627111 Oct 2013
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted ap
18RISK
open
Metasploit300
vBulletin Administrator Account Creation
CVE-2013-612909 Oct 2013
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the
50RISK
open
Metasploit300
ALLPlayer M3U Buffer Overflow
CVE-2013-740909 Oct 2013
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Metasploit600
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
CVE-2013-482208 Oct 2013
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Soft
50RISK
open
Metasploit200
Windows TrackPopupMenuEx Win32k NULL Page
CVE-2013-388108 Oct 2013
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to ga
43RISK
open
Metasploit300
MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
CVE-2013-3897HIGHunder attack08 Oct 2013
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allo
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.