Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
OpenTSDB 2.4.1 unauthenticated command injection
CVE-2023-25826CRITICAL01 Jul 2023
Remote Code Execution in OpenTSDB
75RISK
open
Metasploit600
OpenNMS Horizon Authenticated RCE
CVE-2023-0872HIGH01 Jul 2023
ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users
36RISK
open
Metasploit600
OpenNMS Horizon Authenticated RCE
CVE-2023-40315MEDIUM01 Jul 2023
ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN
28RISK
open
Metasploit600
MagnusBilling application unauthenticated Remote Command Execution.
CVE-2023-30258CRITICAL26 Jun 2023
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISK
open
Metasploit600
Rudder Server SQLI Remote Code Execution
CVE-2023-30625HIGH16 Jun 2023
rudder-server vulnerable to SQL Injection
58RISK
open
Metasploit600
Apache NiFi H2 Connection String Remote Code Execution
CVE-2023-34468HIGH12 Jun 2023
Apache NiFi: Potential Code Injection with Database Services using H2
48RISK
open
Metasploit300
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
CVE-2023-0342LOW09 Jun 2023
MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive
23RISK
open
Metasploit600
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
CVE-2023-20887CRITICALunder attack07 Jun 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware
100RISK
open
Metasploit600
Ivanti EPM Agent Portal Command Execution
CVE-2023-28324HIGH07 Jun 2023
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege es
41RISK
open
Metasploit600
CmsMadeSimple Authenticated File Manager RCE
CVE-2023-3696907 Jun 2023
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
30RISK
open
Metasploit600
Chamilo unauthenticated command injection in PowerPoint upload
CVE-2023-3496001 Jun 2023
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to ex
60RISK
open
Metasploit600
Splunk "edit_user" Capability Privilege Escalation
CVE-2023-32707HIGH01 Jun 2023
‘edit_user’ Capability Privilege Escalation
78RISK
open
Metasploit600
Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode
CVE-2023-206831 May 2023
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
50RISK
open
Metasploit600
MOVEit SQL Injection vulnerability
CVE-2023-34362CRITICALunder attackransomware31 May 2023
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RISK
open
Metasploit600
Dolibarr ERP/CRM Authenticated Code Injection
CVE-2023-30253HIGH29 May 2023
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instea
58RISK
open
Metasploit600
Openfire authentication bypass with RCE plugin
CVE-2023-32315HIGHunder attack26 May 2023
Openfire administration console authentication bypass
100RISK
open
Metasploit600
Apache RocketMQ update config RCE
CVE-2023-33246CRITICALunder attack23 May 2023
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open
Metasploit300
GitLab Authenticated File Read
CVE-2023-2825CRITICAL23 May 2023
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RISK
open
Metasploit600
Barracuda ESG TAR Filename Command Injection
CVE-2023-2868CRITICALunder attack23 May 2023
Remote Code injection in Barracuda Email Security Gateway
100RISK
open
Metasploit600
Delta Electronics InfraSuite Device Master Deserialization
CVE-2023-1133CRITICAL17 May 2023
CVE-2023-1133
75RISK
open
Metasploit600
SolarView Compact unauthenticated remote command execution vulnerability.
CVE-2023-23333CRITICAL15 May 2023
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RISK
open
Metasploit600
TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
CVE-2023-30013CRITICAL05 May 2023
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/s
68RISK
open
Metasploit600
Sharepoint Dynamic Proxy Generator Unauth RCE
CVE-2023-24955HIGHunder attackransomware01 May 2023
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
Metasploit600
Sharepoint Dynamic Proxy Generator Unauth RCE
CVE-2023-29357CRITICALunder attackransomware01 May 2023
Microsoft SharePoint Server Elevation of Privilege Vulnerability
100RISK
open
Metasploit300
Apache Superset Signed Cookie Priv Esc
CVE-2023-27524HIGHunder attack25 Apr 2023
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open
Metasploit600
invscout RPM Privilege Escalation
CVE-2023-28528HIGH24 Apr 2023
IBM AIX command execution
36RISK
open
Metasploit600
Ivanti Avalanche FileStoreConfig File Upload
CVE-2023-28128HIGH24 Apr 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could
58RISK
open
Metasploit300
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
CVE-2023-26876HIGH21 Apr 2023
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via t
36RISK
open
Metasploit600
ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection
CVE-2023-29084HIGH12 Apr 2023
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy setti
58RISK
open
Metasploit300
CVE-2023-21554 - QueueJumper - MSMQ RCE Check
CVE-2023-21554CRITICAL11 Apr 2023
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
85RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.