Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,294cataloged exploits
31,742CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
CVE-2019-1254304 Jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceReques
23RISK
open
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
CVE-2019-1254204 Jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID paramete
23RISK
open
Exploit-DB
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
CVE-2019-1663CRITICAL04 Jun 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Exploit-DB
IceWarp 10.4.4 - Local File Inclusion
CVE-2019-1259304 Jun 2019
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index
50RISK
open
Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
CVE-2018-540403 Jun 2019
The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.
23RISK
open
Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
CVE-2018-540603 Jun 2019
The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism.
28RISK
open
Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
CVE-2018-540503 Jun 2019
The Quest Kace K1000 Appliance is vulnerable to JavaScript injection.
23RISK
open
Exploit-DB
WordPress Plugin Form Maker 1.13.3 - SQL Injection
CVE-2019-1086603 Jun 2019
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_
23RISK
open
Exploit-DB
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
CVE-2019-0708CRITICALunder attackransomware30 May 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISK
open
Exploit-DB
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
CVE-2019-981629 May 2019
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, al
23RISK
open
Exploit-DB
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
CVE-2019-1234729 May 2019
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description fiel
35RISK
open
Exploit-DB
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
CVE-2019-1052929 May 2019
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set
23RISK
open
Exploit-DB
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
CVE-2019-979229 May 2019
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during
28RISK
open
Exploit-DB
Deltek Maconomy 2.2.5 - Local File Inclusion
CVE-2019-1231427 May 2019
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RISK
open
Exploit-DB
Typora 0.9.9.24.6 - Directory Traversal
CVE-2019-1213727 May 2019
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substr
23RISK
open
Exploit-DB
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
CVE-2019-0752HIGHunder attackransomware24 May 2019
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open
Exploit-DB
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
CVE-2019-861323 May 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchO
28RISK
open
Exploit-DB
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
CVE-2019-088123 May 2019
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows
23RISK
open
Exploit-DB
Nagios XI 5.6.1 - SQL injection
CVE-2019-1227923 May 2019
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). N
23RISK
open
Exploit-DB
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
CVE-2019-0841HIGHunder attackransomware23 May 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISK
open
Exploit-DB
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
CVE-2017-1835723 May 2019
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of t
43RISK
open
Exploit-DB
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
CVE-2019-856523 May 2019
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RISK
open
Exploit-DB
Carel pCOWeb < B1.2.1 - Credentials Disclosure
CVE-2019-1136922 May 2019
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext pass
23RISK
open
Exploit-DB
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
CVE-2019-1137022 May 2019
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" f
38RISK
open
Exploit-DB
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
CVE-2019-0863HIGHunder attack22 May 2019
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Erro
71RISK
open
Exploit-DB
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
CVE-2019-1225222 May 2019
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post
23RISK
open
Exploit-DB
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
CVE-2019-1136822 May 2019
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
23RISK
open
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
CVE-2019-1218922 May 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
23RISK
open
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
CVE-2019-862321 May 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RISK
open
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
CVE-2019-8605HIGHunder attack21 May 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.