Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open ↗Referência
CVE-2026-9377
SourceCodester SUP Online Shopping productedit.php cross site scripting
33RISK
open ↗Referência
CVE-2026-23760
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
100RISK
open ↗Referência
CVE-2012-2122
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x befor
60RISK
open ↗Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open ↗Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open ↗Referência
CVE-2022-24112
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISK
open ↗Referência
CVE-2022-24112
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISK
open ↗Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configura
93RISK
open ↗Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open ↗Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open ↗Referência
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open ↗Referência
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open ↗Referência
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open ↗Referência
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open ↗Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISK
open ↗Referência
CVE-2014-3871
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds
23RISK
open ↗Referência
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISK
open ↗Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISK
open ↗Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISK
open ↗Referência
CVE-2026-7228
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection
33RISK
open ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open ↗Referência
CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.