Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
TAR Path Traversal in Zimbra (CVE-2022-41352)
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through ama
100RISK
open ↗Metasploit600
UnRAR Path Traversal in Zimbra (CVE-2022-30333)
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RISK
open ↗Metasploit600
UnRAR Path Traversal (CVE-2022-30333)
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RISK
open ↗Metasploit600
Zoho Password Manager Pro XML-RPC Java Deserialization
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code
100RISK
open ↗Metasploit600
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
40RISK
open ↗Metasploit600
Zyxel Firewall SUID Binary Privilege Escalation
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 t
36RISK
open ↗Metasploit600
Atlassian Confluence Namespace OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open ↗Metasploit600
Microsoft Office Word MSDTJS
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open ↗Metasploit300
SuiteCRM authenticated SQL injection in export functionality
SQL Injection in salesagility/suitecrm
28RISK
open ↗Metasploit600
Gitea Git Fetch Remote Code Execution
Gitea before 1.16.7 does not escape git fetch remote.
60RISK
open ↗Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi
100RISK
open ↗Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts file
100RISK
open ↗Metasploit300
Icingaweb Directory Traversal in Static Library File Requests
Path traversal in Icinga Web 2
78RISK
open ↗Metasploit600
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
100RISK
open ↗Metasploit600
DotCMS RCE via Arbitrary File Upload.
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form req
100RISK
open ↗Metasploit600
Zyxel Firewall ZTP Unauthenticated Command Injection
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
100RISK
open ↗Metasploit600
ZoneMinder Language Settings Remote Code Execution
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an
30RISK
open ↗Metasploit300
VICIdial Multiple Authenticated SQLi
VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.
28RISK
open ↗Metasploit300
VICIdial Multiple Authenticated SQLi
VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.
28RISK
open ↗Metasploit300
VICIdial Multiple Authenticated SQLi
VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerability at /vicidial/admin.php.
28RISK
open ↗Metasploit300
VMware vCenter Secrets Dump
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious act
83RISK
open ↗Metasploit600
ManageEngine ADSelfService Plus Custom Script Execution
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary
100RISK
open ↗Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
30RISK
open ↗Metasploit600
VMware Workspace ONE Access CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
100RISK
open ↗Metasploit400
VMware Workspace ONE Access CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RISK
open ↗Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
23RISK
open ↗Metasploit600
Dompdf RCE via Malicious Font Caching (CVE-2022-28368)
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RISK
open ↗Metasploit400
ALLMediaServer 1.6 SEH Buffer Overflow
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrar
30RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.