Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
19,896 exploits
Referência
CVE-2019-15276
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
53RISK
open
Referência
CVE-2023-6875
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
85RISK
open
Referência
BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arb
35RISK
open
Referência
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows r
35RISK
open
Referência
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows r
35RISK
open
Referência
CVE-2013-5036
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter t
50RISK
open
Referência
CVE-2017-11903
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Se
35RISK
open
Referência
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RISK
open
Referência
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RISK
open
Referência
Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Manage
35RISK
open
Referência
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats para
60RISK
open
Referência
CVE-2010-4749
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to
23RISK
open
Referência
CVE-2012-6530
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users w
50RISK
open
Referência
CVE-2018-10201
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible t
50RISK
open
Referência
CVE-2021-27964
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Con
50RISK
open
Referência
CVE-2014-2671
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corrupt
35RISK
open
Referência
CVE-2014-2671
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corrupt
35RISK
open
Referência
CVE-2018-20470
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerab
50RISK
open
Referência
DFD Cart 1.1 - Multiple Remote File Inclusions
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allo
35RISK
open
Referência
Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, Rea
50RISK
open
Referência
CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
35RISK
open
Referência
CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
35RISK
open
Referência
Microsoft DirectX SAMI File Parsing - Remote Stack Overflow
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for
50RISK
open
Referência
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header i
35RISK
open
Referência
ShoutPro 1.5.2 - 'shout.php' Remote Code Injection
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary
35RISK
open
Referência
CVE-2011-5171
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to e
50RISK
open
Referência
FeedMon 2.7.0.0 - outline Tag Buffer Overflow (PoC)
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbi
50RISK
open
Referência
feedDemon 2.7 - OPML Outline Tag Buffer Overflow
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbi
50RISK
open
Referência
Opera 9.60 - Persistent Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary w
50RISK
open
Referência
CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.