Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,841 exploits
Referência
Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit)
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1
50RISK
open
Referência
CVE-2019-17503
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RISK
open
Referência
CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RISK
open
Referência
CVE-2015-5134
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linu
35RISK
open
Referência
CVE-2015-5127
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linu
35RISK
open
Referência
CVE-2023-28252
CVE-2023-28252HIGHunder attackransomware
Windows Common Log File System Driver Elevation of Privilege Vulnerability
98RISK
open
Referência
Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to ex
50RISK
open
Referência
Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to ex
50RISK
open
Referência
CVE-2017-11793
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Window
35RISK
open
Referência
CVE-2011-0514
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash)
50RISK
open
Referência
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISK
open
Referência
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISK
open
Referência
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISK
open
Referência
ACDSee 9.0 - '.xpm' Local Buffer Overflow
Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build
50RISK
open
Referência
Eznet 3.5.0 - Remote Stack Overflow / Denial of Service
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare
35RISK
open
Referência
PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BE
35RISK
open
Referência
CVE-2016-0170
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012
35RISK
open
Referência
CVE-2020-16009
CVE-2020-16009HIGHunder attack
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially expl
83RISK
open
Referência
CVE-2018-14392
The New Threads plugin before 1.2 for MyBB has XSS.
35RISK
open
Referência
BASE 1.2.4 - melissa Snort Frontend Remote File Inclusion
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_gl
50RISK
open
Referência
CVE-2013-2568
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless
35RISK
open
Referência
CVE-2023-4547
SPA-Cart eCommerce CMS search cross site scripting
55RISK
open
Referência
CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate pe
50RISK
open
Referência
CVE-2021-40875
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RISK
open
Referência
CVE-2009-0182
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in
50RISK
open
Referência
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the t
75RISK
open
Referência
CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities.
60RISK
open
Referência
WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordP
50RISK
open
Referência
CVE-2012-2110
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before
35RISK
open
Referência
CVE-2013-3563
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a de
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.