Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
CVE-2023-3634803 Jul 2023
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RISK
open
Exploit-DB
WP AutoComplete 1.0.4 - Unauthenticated SQLi
CVE-2022-4297CRITICAL03 Jul 2023
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
48RISK
open
Exploit-DB
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
CVE-2023-30198HIGH26 Jun 2023
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download
41RISK
open
Exploit-DB
Windows 11 22h2 - Kernel Privilege Elevation
CVE-2023-28293HIGH26 Jun 2023
Windows Kernel Elevation of Privilege Vulnerability
41RISK
open
Exploit-DB
Microsoft SharePoint Enterprise Server 2016 - Spoofing
CVE-2023-28288HIGH26 Jun 2023
Microsoft SharePoint Server Spoofing Vulnerability
41RISK
open
Exploit-DB
Azure Apache Ambari 2302250400 - Spoofing
CVE-2023-23408MEDIUM26 Jun 2023
Azure Apache Ambari Spoofing Vulnerability
33RISK
open
Exploit-DB
NCH Express Invoice - Clear Text Password Storage and Account Takeover
CVE-2020-1156023 Jun 2023
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
23RISK
open
Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
CVE-2022-47075HIGH22 Jun 2023
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the
68RISK
open
Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
CVE-2022-47076HIGH22 Jun 2023
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via Display
41RISK
open
Exploit-DB
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
CVE-2023-3320MEDIUM20 Jun 2023
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,
33RISK
open
Exploit-DB
Super Socializer 7.13.52 - Reflected XSS
CVE-2023-2779MEDIUM20 Jun 2023
Super Socializer < 7.13.52 - Reflected XSS
48RISK
open
Exploit-DB
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
CVE-2023-27372CRITICAL20 Jun 2023
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RISK
open
Exploit-DB
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-11027MEDIUM19 Jun 2023
Password reset links invalidation issue in WordPress
38RISK
open
Exploit-DB
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
CVE-2023-23956MEDIUM19 Jun 2023
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
33RISK
open
Exploit-DB
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
CVE-2023-0297CRITICAL14 Jun 2023
Code Injection in pyload/pyload
85RISK
open
Exploit-DB
Teachers Record Management System 1.0 - File Upload Type Validation
CVE-2023-3187MEDIUM13 Jun 2023
PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload
33RISK
open
Exploit-DB
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
CVE-2023-3184LOW13 Jun 2023
SourceCodester Sales Tracker Management System cross site scripting
28RISK
open
Exploit-DB
WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
CVE-2021-2449909 Jun 2023
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISK
open
Exploit-DB
Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
CVE-2023-30868HIGH06 Jun 2023
WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
56RISK
open
Exploit-DB
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
CVE-2023-33243HIGH04 Jun 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the
41RISK
open
Exploit-DB
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
CVE-2023-206804 Jun 2023
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
50RISK
open
Exploit-DB
Online Security Guards Hiring System 1.0 - Reflected XSS
CVE-2023-0527LOW31 May 2023
PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting
43RISK
open
Exploit-DB
Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
CVE-2018-806531 May 2023
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISK
open
Exploit-DB
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
CVE-2023-0455HIGH31 May 2023
Unrestricted Upload of File with Dangerous Type in unilogies/bumsys
41RISK
open
Exploit-DB
Pydio Cells 4.1.2 - Server-Side Request Forgery
CVE-2023-32750MEDIUM31 May 2023
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which
33RISK
open
Exploit-DB
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
CVE-2023-32751MEDIUM31 May 2023
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are genera
33RISK
open
Exploit-DB
Faculty Evaluation System 1.0 - Unauthenticated File Upload
CVE-2023-33440HIGH31 May 2023
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_u
61RISK
open
Exploit-DB
Pydio Cells 4.1.2 - Unauthorised Role Assignments
CVE-2023-32749HIGH31 May 2023
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISK
open
Exploit-DB
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
CVE-2023-30145CRITICAL26 May 2023
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats para
60RISK
open
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
CVE-2020-6627CRITICAL25 May 2023
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS comman
53RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.