Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2021-25298
CVE-2021-25298HIGHunder attack
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open
Referência
CVE-2026-9377
SourceCodester SUP Online Shopping productedit.php cross site scripting
33RISK
open
Referência
CVE-2026-23760
CVE-2026-23760CRITICALunder attackransomware
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
100RISK
open
Referência
CVE-2012-2122
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x befor
60RISK
open
Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open
Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open
Referência
CVE-2022-24112
CVE-2022-24112CRITICALunder attack
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISK
open
Referência
CVE-2022-24112
CVE-2022-24112CRITICALunder attack
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISK
open
Referência
CVE-2019-20085
CVE-2019-20085HIGHunder attack
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RISK
open
Referência
CVE-2019-20085
CVE-2019-20085HIGHunder attack
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RISK
open
Referência
D-Link DWL-2600AP - Multiple OS Command Injection
CVE-2019-20500HIGHunder attack
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configura
93RISK
open
Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open
Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open
Referência
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open
Referência
CVE-2015-4852
CVE-2015-4852CRITICALunder attack
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open
Referência
CVE-2015-4852
CVE-2015-4852CRITICALunder attack
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open
Referência
CVE-2015-4852
CVE-2015-4852CRITICALunder attack
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open
Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open
Referência
CVE-2014-3871
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds
23RISK
open
Referência
CVE-2019-10068
CVE-2019-10068CRITICALunder attack
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISK
open
Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISK
open
Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISK
open
Referência
CVE-2026-7228
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection
33RISK
open
Referência
CVE-2019-1652
CVE-2019-1652HIGHunder attack
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open
Referência
CVE-2019-1652
CVE-2019-1652HIGHunder attack
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open
Referência
CVE-2019-1652
CVE-2019-1652HIGHunder attack
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open
Referência
CVE-2019-1652
CVE-2019-1652HIGHunder attack
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open
Referência
CVE-2020-17530
CVE-2020-17530CRITICALunder attack
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.