Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
Ollama Model Registry Path Traversal RCE
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISK
open ↗Metasploit600
Flowmon Unauthenticated Command Injection
Flowmon Unauthenticated Command Injection Vulnerability
85RISK
open ↗Metasploit600
Apache HugeGraph Gremlin RCE
Apache HugeGraph-Server: Command execution in gremlin
100RISK
open ↗Metasploit600
FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS versio
100RISK
open ↗Metasploit600
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISK
open ↗Metasploit300
Netdata ndsudo privilege escalation
ndsudo: local privilege escalation via untrusted search path
36RISK
open ↗Metasploit600
Chaos RAT XSS to RCE
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via th
28RISK
open ↗Metasploit600
AVideo WWBNIndex Plugin Unauthenticated RCE
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath
68RISK
open ↗Metasploit600
pgAdmin Binary Path API RCE
Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
48RISK
open ↗Metasploit600
Kemp LoadMaster Local sudo privilege escalation
LoadMaster Pre-Authenticated OS Command Injection
100RISK
open ↗Metasploit600
Kemp LoadMaster Unauthenticated Command Injection
LoadMaster Pre-Authenticated OS Command Injection
100RISK
open ↗Metasploit600
Progress Flowmon Local sudo privilege escalation
Flowmon Unauthenticated Command Injection Vulnerability
85RISK
open ↗Metasploit600
Gibbon School Platform Authenticated PHP Deserialization Vulnerability
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POS
48RISK
open ↗Metasploit600
RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.
RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload
43RISK
open ↗Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
48RISK
open ↗Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
Authentication Bypass in OpenMetadata
85RISK
open ↗Metasploit600
Ghostscript Command Execution via Format String
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with
33RISK
open ↗Metasploit600
WordPress wp-automatic Plugin SQLi Admin Creation
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
85RISK
open ↗Metasploit300
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
ColdFusion | Improper Access Control (CWE-284)
100RISK
open ↗Metasploit600
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code
58RISK
open ↗Metasploit600
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
85RISK
open ↗Metasploit600
JetBrains TeamCity Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISK
open ↗Metasploit600
Judge0 sandbox escape
Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
43RISK
open ↗Metasploit600
pgAdmin Session Deserialization RCE
Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4
65RISK
open ↗Metasploit600
Apache Solr Backup/Restore APIs RCE
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
58RISK
open ↗Metasploit600
Unauthenticated RCE in Bricks Builder Theme
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISK
open ↗Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RISK
open ↗Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Authentication bypass using an alternate path or channel
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.