Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit500
HP Intelligent Management Center Arbitrary File Upload
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Netw
50RISK
open ↗Metasploit300
MS13-037 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary co
100RISK
open ↗Metasploit600
D-Link DIR-645 / DIR-815 diagnostic.php Command Execution
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b
78RISK
open ↗Metasploit300
Java CMM Remote Code Execution
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and
60RISK
open ↗Metasploit300
Mac OS X Sudo Password Bypass
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypas
38RISK
open ↗Metasploit100
Sami FTP Server LIST Command Buffer Overflow
Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) a
23RISK
open ↗Metasploit600
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R
43RISK
open ↗Metasploit600
Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload Vulnerability
Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload
63RISK
open ↗Metasploit600
Nagios Remote Plugin Executor Arbitrary Command Execution
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote att
50RISK
open ↗Metasploit0
Netgear DGN2200B pppoe.cgi Remote Command Execution
Netgear Routers pppoe.cgi RCE
63RISK
open ↗Metasploit600
OpenEMR PHP File Upload Vulnerability
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer
60RISK
open ↗Metasploit200
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a cr
50RISK
open ↗Metasploit600
Linksys WRT160nv2 apply.cgi Remote Command Injection
Linksys Routers apply.cgi Remote Command Injection
36RISK
open ↗Metasploit300
Adobe Flash Player Regular Expression Heap Overflow
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x
60RISK
open ↗Metasploit300
D-Link hedwig.cgi Buffer Overflow in Cookie Header
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allo
43RISK
open ↗Metasploit300
D-Link authentication.cgi Buffer Overflow
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allo
43RISK
open ↗Metasploit600
D-Link DIR615h OS Command Injection
D-Link Routers tools_vct.htm OS Command Injection
41RISK
open ↗Metasploit600
Netgear DGN1000B setup.cgi Remote Command Execution
Netgear Routers setup.cgi RCE
36RISK
open ↗Metasploit600
Linksys E1500/E2500 apply.cgi Remote Command Injection
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version
41RISK
open ↗Metasploit300
Linksys E1500/E2500 Remote Command Execution
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version
41RISK
open ↗Metasploit300
ActFax 5.01 RAW Server Buffer Overflow
ActFax 5.01 RAW Server Buffer Overflow
63RISK
open ↗Metasploit300
OpenSSL TLS 1.1 and 1.2 AES-NI DoS
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 bef
30RISK
open ↗Metasploit600
Glossword v1.8.8 - 1.8.12 Arbitrary File Upload Vulnerability
Glossword 1.8.8 - 1.8.12 Arbitrary File Upload RCE
43RISK
open ↗Metasploit300
D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
D-Link Devices Unauthenticated RCE
68RISK
open ↗Metasploit0
Raidsonic NAS Devices Unauthenticated Remote Command Execution
Raidsonic NAS Devices Unauthenticated Remote Command Execution
63RISK
open ↗Metasploit600
D-Link Devices Unauthenticated Remote Command Execution
D-Link Devices command.php Unauthenticated RCE
68RISK
open ↗Metasploit600
SCADA 3S CoDeSys Gateway Server Directory Traversal
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitr
50RISK
open ↗Metasploit600
D-Link Unauthenticated Remote Command Execution using UPnP via a special crafted M-SEARCH packet.
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled b
23RISK
open ↗Metasploit600
D-Link Unauthenticated Remote Command Execution using UPnP via a special crafted M-SEARCH packet.
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RISK
open ↗Metasploit600
D-Link Unauthenticated Remote Command Execution using UPnP via a special crafted M-SEARCH packet.
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability vi
30RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.