Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
KiTTY 0.76.1.13 - Command Injection
CVE-2024-23749HIGH14 Mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insuffic
41RISK
open
Exploit-DB
GitLab CE/EE < 16.7.2 - Password Reset
CVE-2023-7028CRITICALunder attack14 Mar 2024
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open
Exploit-DB
Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)
CVE-2023-3710CRITICAL14 Mar 2024
Printer web page invalid command execution
75RISK
open
Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
CVE-2023-5702MEDIUM14 Mar 2024
Viessmann Vitogate 300 direct request
38RISK
open
Exploit-DB
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
CVE-2023-42793CRITICALunder attackransomware14 Mar 2024
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RISK
open
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
CVE-2024-25004HIGH14 Mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RISK
open
Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
CVE-2023-5222MEDIUM14 Mar 2024
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password
70RISK
open
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow
CVE-2024-25003HIGH14 Mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insuf
41RISK
open
Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
CVE-2024-25830CRITICAL10 Mar 2024
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An una
53RISK
open
Exploit-DB
Akaunting < 3.1.3 - RCE
CVE-2024-22836CRITICAL10 Mar 2024
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company loc
60RISK
open
Exploit-DB
Ladder v0.0.21 - Server-side request forgery (SSRF)
CVE-2024-27620HIGH10 Mar 2024
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request
41RISK
open
Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
CVE-2024-25832HIGH10 Mar 2024
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to
46RISK
open
Exploit-DB
Numbas < v7.3 - Remote Code Execution
CVE-2024-27612MEDIUM10 Mar 2024
Numbas editor before 7.3 mishandles editing of themes and extensions.
38RISK
open
Exploit-DB
Hide My WP < 6.2.9 - Unauthenticated SQLi
CVE-2022-4681CRITICAL10 Mar 2024
Hide My WP < 6.2.9 - Unauthenticated SQLi
48RISK
open
Exploit-DB
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
CVE-2024-27743MEDIUM03 Mar 2024
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RISK
open
Exploit-DB
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
CVE-2024-27744MEDIUM03 Mar 2024
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RISK
open
Exploit-DB
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload
CVE-2024-27747CRITICAL03 Mar 2024
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a cra
53RISK
open
Exploit-DB
Petrol Pump Management Software v.1.0 - SQL Injection
CVE-2024-27746CRITICAL03 Mar 2024
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a c
53RISK
open
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration
CVE-2024-25734HIGH26 Feb 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only a
41RISK
open
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'
CVE-2024-25736HIGH26 Feb 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /d
41RISK
open
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'
CVE-2024-25735CRITICAL26 Feb 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RISK
open
Exploit-DB
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
CVE-2023-3897MEDIUM19 Feb 2024
Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page
33RISK
open
Exploit-DB
BoidCMS v2.0.0 - authenticated file upload vulnerability
CVE-2023-3883609 Oct 2023
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header t
50RISK
open
Exploit-DB
Clcknshop 1.0.0 - SQL Injection
CVE-2023-4708MEDIUM09 Oct 2023
Infosoftbd Clcknshop GET Parameter all sql injection
45RISK
open
Exploit-DB
Minio 2022-07-29T19-40-48Z - Path traversal
CVE-2022-35919HIGH09 Oct 2023
Authenticated requests for server update admin API allows path traversal in minio
53RISK
open
Exploit-DB
Cacti 1.2.24 - Authenticated command injection when using SNMP options
CVE-2023-39362HIGH09 Oct 2023
Authenticated command injection in SNMP options of a Device
63RISK
open
Exploit-DB
Splunk 9.0.5 - admin account take over
CVE-2023-32707HIGH09 Oct 2023
‘edit_user’ Capability Privilege Escalation
78RISK
open
Exploit-DB
Media Library Assistant Wordpress Plugin - RCE and LFI
CVE-2023-4634CRITICAL09 Oct 2023
Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
85RISK
open
Exploit-DB
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
CVE-2023-4278HIGH09 Oct 2023
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
41RISK
open
Exploit-DB
GLPI GZIP(Py3) 9.4.5 - RCE
CVE-2020-11060HIGH09 Oct 2023
Remote Code Execution in GLPI
46RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.