Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
22,467 exploits
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL pages cross site scripting
43RISK
open ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL view cross site scripting
43RISK
open ↗Exploit-DB
RosarioSIS 10.8.4 - CSV Injection
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
33RISK
open ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL users cross site scripting
43RISK
open ↗Exploit-DB
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RISK
open ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL find-a-match cross site scripting
43RISK
open ↗Exploit-DB
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
23RISK
open ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL friends cross site scripting
43RISK
open ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL ajax_invite cross site scripting
43RISK
open ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL question cross site scripting
43RISK
open ↗Exploit-DB
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
Microsoft Office Elevation of Privilege Vulnerability
41RISK
open ↗Exploit-DB
pfSense v2.7.0 - OS Command Injection
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RISK
open ↗Exploit-DB
RWS WorldServer 11.7.3 - Session Token Enumeration
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized a
23RISK
open ↗Exploit-DB
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to t
53RISK
open ↗Exploit-DB
ABB FlowX v4.00 - Exposure of Sensitive Information
Flow-X disclosure of sensitive information to unauthenticated users
33RISK
open ↗Exploit-DB
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by send
43RISK
open ↗Exploit-DB
Icinga Web 2.10 - Authenticated Remote Code Execution
Arbitrary code execution for authenticated users in Icinga Web 2
46RISK
open ↗Exploit-DB
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RISK
open ↗Exploit-DB
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
28RISK
open ↗Exploit-DB
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code
23RISK
open ↗Exploit-DB
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RISK
open ↗Exploit-DB
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
70RISK
open ↗Exploit-DB
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
Microsoft Outlook Remote Code Execution Vulnerability
41RISK
open ↗Exploit-DB
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lf
23RISK
open ↗Exploit-DB
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
33RISK
open ↗Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RISK
open ↗Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Microsoft Excel Remote Code Execution Vulnerability
41RISK
open ↗Exploit-DB
FuguHub 8.1 - Remote Code Execution
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the c
53RISK
open ↗Exploit-DB
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RISK
open ↗Exploit-DB
TP-Link TL-WR940N V4 - Buffer OverFlow
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6Cfg
35RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.