Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,841 exploits
Referência
CVE-2017-8751
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user
35RISK
open
Referência
CVE-2017-8594
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute
35RISK
open
Referência
CVE-2014-7285
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISK
open
Referência
CVE-2014-7285
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISK
open
Referência
CVE-2017-6465
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP serv
50RISK
open
Referência
CVE-2017-6465
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP serv
50RISK
open
Referência
CVE-2017-8541
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve
35RISK
open
Referência
CVE-2017-8538
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve
35RISK
open
Referência
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and conseque
35RISK
open
Referência
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and conseque
35RISK
open
Referência
CVE-2016-6435
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via
50RISK
open
Referência
CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
45RISK
open
Referência
CVE-2018-0770
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitra
45RISK
open
Referência
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
50RISK
open
Referência
CVE-2018-8096
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name
35RISK
open
Referência
CVE-2023-1133
CVE-2023-1133
75RISK
open
Referência
CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
35RISK
open
Referência
CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
35RISK
open
Referência
CVE-2016-3313
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote at
35RISK
open
Referência
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators t
50RISK
open
Referência
CVE-2017-8682
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold a
35RISK
open
Referência
CVE-2016-0189
CVE-2016-0189HIGHunder attack
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other
100RISK
open
Referência
CVE-2018-12604
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_d
28RISK
open
Referência
CVE-2017-16720
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within th
35RISK
open
Referência
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RISK
open
Referência
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RISK
open
Referência
CVE-2017-11890
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Win
35RISK
open
Referência
CVE-2018-16323
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that ha
35RISK
open
Referência
CVE-2015-6967
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to
50RISK
open
Referência
CVE-2016-4010
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.