Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,002cataloged exploits
31,582CVEs with public exploitation
19,780 exploits
Referência
CVE-2016-0049
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server
28RISK
open
Referência
CVE-2016-0049
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server
28RISK
open
Referência
CVE-2018-14335
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read
38RISK
open
Referência
APC ActionApps CMS 2.8.1 - Remote File Inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a
28RISK
open
Referência
CVE-2013-2683
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers
28RISK
open
Referência
CVE-2017-1000373
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N
28RISK
open
Referência
CVE-2017-10661
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denia
28RISK
open
Referência
CVE-2018-8298
CVE-2018-8298HIGHunder attack
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory,
93RISK
open
Referência
CVE-2022-20707
Cisco Small Business RV Series Routers Vulnerabilities
85RISK
open
Referência
FrontAccounting 1.12 build 31 - Remote File Inclusion
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execut
45RISK
open
Referência
CVE-2010-1885
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server
60RISK
open
Referência
CVE-2019-19781
CVE-2019-19781CRITICALunder attackransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open
Referência
CVE-2022-22947
CVE-2022-22947CRITICALunder attack
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open
Referência
CVE-2022-22947
CVE-2022-22947CRITICALunder attack
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open
Referência
CVE-2018-11409
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json
60RISK
open
Referência
CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISK
open
Referência
CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISK
open
Referência
CVE-2012-3153
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISK
open
Referência
CVE-2014-5445
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 a
60RISK
open
Referência
CVE-2022-27925
CVE-2022-27925HIGHunder attackransomware
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts file
100RISK
open
Referência
CVE-2024-12987
CVE-2024-12987MEDIUMunder attack
DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection
100RISK
open
Referência
CVE-2023-20887
CVE-2023-20887CRITICALunder attack
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware
100RISK
open
Referência
CVE-2026-32834
Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning
41RISK
open
Referência
CVE-2026-7744
CodeAstro Online Classroom addnewstudent sql injection
33RISK
open
Referência
CVE-2026-56122
Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths
41RISK
open
Referência
CVE-2026-9702
InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking
41RISK
open
Referência
CVE-2026-5305
Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS
41RISK
open
Referência
CVE-2019-1821
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISK
open
Referência
CVE-2010-1653
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! a
43RISK
open
Referência
CVE-2026-56121
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
48RISK
open
page 1 / 660next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.