Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,841 exploits
Referência
CVE-2018-14933
CVE-2018-14933CRITICALunder attack
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RISK
open
Referência
CVE-2016-0015
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Wi
35RISK
open
Referência
CVE-2016-2345
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows rem
35RISK
open
Referência
CVE-2022-0557
OS Command Injection in microweber/microweber
53RISK
open
Referência
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
OS Command Injection in microweber/microweber
53RISK
open
Referência
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Local Buffer Overflow
Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assist
35RISK
open
Referência
CVE-2016-0199
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service
35RISK
open
Referência
CVE-2016-0199
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service
35RISK
open
Referência
CVE-2018-8552
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which coul
35RISK
open
Referência
CVE-2017-16887
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact
35RISK
open
Referência
CVE-2018-8133
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open
Referência
CVE-2010-2309
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary cod
50RISK
open
Referência
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISK
open
Referência
CVE-2015-8256
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
35RISK
open
Referência
CVE-2015-8256
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
35RISK
open
Referência
CVE-2019-12518
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RISK
open
Referência
CVE-2020-15050
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary fi
50RISK
open
Referência
CVE-2015-5133
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR
35RISK
open
Referência
CVE-2015-5131
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR
35RISK
open
Referência
CVE-2015-5132
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR
35RISK
open
Referência
Microsoft DXMedia SDK 6 - 'SourceUrl' ActiveX Remote Code Execution
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX cont
35RISK
open
Referência
CVE-2023-6623
Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
75RISK
open
Referência
CVE-2024-25735
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RISK
open
Referência
CVE-2018-13862
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attacker
35RISK
open
Referência
CVE-2018-19524
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTB
35RISK
open
Referência
CVE-2018-19524
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTB
35RISK
open
Referência
CVE-2016-3304
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007
35RISK
open
Referência
CVE-2016-3303
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007
35RISK
open
Referência
CVE-2017-0108
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 20
35RISK
open
Referência
Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Remote Buffer Overflow
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the schedul
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.