Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Froxlor Log Path RCE
CVE-2023-0315HIGH29 Jan 2023
Command Injection in froxlor/froxlor
78RISK
open
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31704CRITICAL24 Jan 2023
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely
85RISK
open
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31711MEDIUM24 Jan 2023
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sen
53RISK
open
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31706CRITICAL24 Jan 2023
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject fi
85RISK
open
Metasploit600
Sudoedit Extra Arguments Priv Esc
CVE-2023-22809HIGH18 Jan 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISK
open
Metasploit600
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
CVE-2023-21839HIGHunder attack17 Jan 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISK
open
Metasploit600
pyLoad js2py Python Execution
CVE-2023-0297CRITICAL13 Jan 2023
Code Injection in pyload/pyload
85RISK
open
Metasploit300
Wordpress Paid Membership Pro code Unauthenticated SQLi
CVE-2023-23488CRITICAL12 Jan 2023
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISK
open
Metasploit600
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
CVE-2022-47966CRITICALunder attackransomware10 Jan 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RISK
open
Metasploit600
Ancillary Function Driver (AFD) for WinSock Elevation of Privilege
CVE-2023-21768HIGH10 Jan 2023
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RISK
open
Metasploit600
ManageEngine Endpoint Central Unauthenticated SAML RCE
CVE-2022-47966CRITICALunder attackransomware10 Jan 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RISK
open
Metasploit600
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
CVE-2022-47966CRITICALunder attackransomware10 Jan 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RISK
open
Metasploit600
Jorani unauthenticated Remote Code Execution
CVE-2023-2646906 Jan 2023
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
60RISK
open
Metasploit600
CWP login.php Unauthenticated RCE
CVE-2022-44877CRITICALunder attack05 Jan 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISK
open
Metasploit400
SugarCRM unauthenticated Remote Code Execution (RCE)
CVE-2023-22952HIGHunder attack28 Dec 2022
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RISK
open
Metasploit600
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
CVE-2022-46689HIGH17 Dec 2022
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macO
68RISK
open
Metasploit600
Cacti 1.2.22 unauthenticated command injection
CVE-2022-46169CRITICALunder attack05 Dec 2022
Unauthenticated Command Injection
100RISK
open
Metasploit300
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit
CVE-2022-46770HIGH04 Dec 2022
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RISK
open
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984722 Nov 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to i
30RISK
open
Metasploit600
VSCode ipynb Remote Development RCE
CVE-2022-41034HIGH22 Nov 2022
Visual Studio Code Remote Code Execution Vulnerability
48RISK
open
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984522 Nov 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RISK
open
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984622 Nov 2022
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obt
18RISK
open
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984822 Nov 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RISK
open
Metasploit600
Bitbucket Environment Variable RCE
CVE-2022-43781CRITICAL16 Nov 2022
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker
65RISK
open
Metasploit600
F5 BIG-IP iControl CSRF File Write SOAP API
CVE-2022-41622HIGH16 Nov 2022
iControl SOAP vulnerability
58RISK
open
Metasploit600
F5 BIG-IP iControl Authenticated RCE via RPM Creator
CVE-2022-41800HIGH16 Nov 2022
Appliance mode iControl REST vulnerability
68RISK
open
Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-38120MEDIUM10 Nov 2022
POWERCOM CO., LTD. UPSMON PRO - Path Traversal
28RISK
open
Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-38121MEDIUM10 Nov 2022
POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials
28RISK
open
Metasploit400
Lenovo Diagnostics Driver IOCTL memmove
CVE-2022-3699HIGH09 Nov 2022
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo
56RISK
open
Metasploit600
Acronis Cyber Protect/Backup remote code execution
CVE-2022-3405CRITICAL08 Nov 2022
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following
43RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.