Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,294cataloged exploits
31,742CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,888GitHub PoC 13,184VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
19,888 exploits
Referência
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISK
open ↗Referência
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISK
open ↗Referência
C6 Messenger - ActiveX Remote Download and Execute
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force
50RISK
open ↗Referência
CVE-2021-39608
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a rem
35RISK
open ↗Referência
CVE-2015-6127
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers t
50RISK
open ↗Referência
Segue CMS 1.8.4 - 'index.php' Remote File Inclusion
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled,
35RISK
open ↗Referência
CVE-2011-0096
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Wind
45RISK
open ↗Referência
CVE-2010-2590
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753
50RISK
open ↗Referência
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISK
open ↗Referência
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISK
open ↗Referência
CVE-2011-3368
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does
60RISK
open ↗Referência
CVE-2014-0282
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service
35RISK
open ↗Referência
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vi
35RISK
open ↗Referência
Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vi
35RISK
open ↗Referência
PHPSiteBackup 0.1 - 'pcltar.lib.php' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vi
35RISK
open ↗Referência
WordPress Plugin BackUpWordPress 0.4.2b - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow
35RISK
open ↗Referência
CVE-2017-0084
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server
35RISK
open ↗Referência
CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever
50RISK
open ↗Referência
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary fil
83RISK
open ↗Referência
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary fil
83RISK
open ↗Referência
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are
83RISK
open ↗Referência
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expect
50RISK
open ↗Referência
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISK
open ↗Referência
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISK
open ↗Referência
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISK
open ↗Referência
Vortex Portal 1.0.42 - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary P
35RISK
open ↗Referência
CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISK
open ↗Referência
CVE-2014-9195
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
85RISK
open ↗Referência
CVE-2018-7719
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.