Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
19,841 exploits
Referência
CVE-2017-8751
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user
35RISK
open ↗Referência
CVE-2017-8594
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute
35RISK
open ↗Referência
CVE-2014-7285
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISK
open ↗Referência
CVE-2014-7285
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISK
open ↗Referência
CVE-2017-6465
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP serv
50RISK
open ↗Referência
CVE-2017-6465
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP serv
50RISK
open ↗Referência
CVE-2017-8541
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve
35RISK
open ↗Referência
CVE-2017-8538
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve
35RISK
open ↗Referência
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and conseque
35RISK
open ↗Referência
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and conseque
35RISK
open ↗Referência
CVE-2016-6435
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via
50RISK
open ↗Referência
CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
45RISK
open ↗Referência
CVE-2018-0770
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitra
45RISK
open ↗Referência
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
50RISK
open ↗Referência
CVE-2018-8096
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name
35RISK
open ↗Referência
CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
35RISK
open ↗Referência
CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
35RISK
open ↗Referência
CVE-2016-3313
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote at
35RISK
open ↗Referência
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators t
50RISK
open ↗Referência
CVE-2017-8682
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold a
35RISK
open ↗Referência
CVE-2016-0189
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other
100RISK
open ↗Referência
CVE-2018-12604
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_d
28RISK
open ↗Referência
CVE-2017-16720
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within th
35RISK
open ↗Referência
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RISK
open ↗Referência
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RISK
open ↗Referência
CVE-2017-11890
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Win
35RISK
open ↗Referência
CVE-2018-16323
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that ha
35RISK
open ↗Referência
CVE-2015-6967
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to
50RISK
open ↗Referência
CVE-2016-4010
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.