Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
TAR Path Traversal in Zimbra (CVE-2022-41352)
CVE-2022-41352CRITICALunder attack28 Jun 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through ama
100RISK
open
Metasploit600
Advantech iView NetworkServlet Command Injection
CVE-2022-2143CRITICAL28 Jun 2022
Advantech iView
75RISK
open
Metasploit600
UnRAR Path Traversal in Zimbra (CVE-2022-30333)
CVE-2022-30333HIGHunder attackransomware28 Jun 2022
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RISK
open
Metasploit600
UnRAR Path Traversal (CVE-2022-30333)
CVE-2022-30333HIGHunder attackransomware28 Jun 2022
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RISK
open
Metasploit600
Zoho Password Manager Pro XML-RPC Java Deserialization
CVE-2022-35405CRITICALunder attack24 Jun 2022
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code
100RISK
open
Metasploit600
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
CVE-2022-20828MEDIUM22 Jun 2022
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
40RISK
open
Metasploit600
Zyxel Firewall SUID Binary Privilege Escalation
CVE-2022-30526HIGH14 Jun 2022
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 t
36RISK
open
Metasploit600
Atlassian Confluence Namespace OGNL Injection
CVE-2022-26134CRITICALunder attackransomware02 Jun 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open
Metasploit600
Microsoft Office Word MSDTJS
CVE-2022-30190HIGHunder attackransomware29 May 2022
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
Metasploit300
SuiteCRM authenticated SQL injection in export functionality
CVE-2023-5350MEDIUM24 May 2022
SQL Injection in salesagility/suitecrm
28RISK
open
Metasploit600
Gitea Git Fetch Remote Code Execution
CVE-2022-3078116 May 2022
Gitea before 1.16.7 does not escape git fetch remote.
60RISK
open
Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
CVE-2022-37042CRITICALunder attackransomware10 May 2022
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi
100RISK
open
Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
CVE-2022-27925HIGHunder attackransomware10 May 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts file
100RISK
open
Metasploit300
Icingaweb Directory Traversal in Static Library File Requests
CVE-2022-24716HIGH09 May 2022
Path traversal in Icinga Web 2
78RISK
open
Metasploit600
F5 BIG-IP iControl RCE via REST Authentication Bypass
CVE-2022-1388CRITICALunder attackransomware04 May 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
100RISK
open
Metasploit600
DotCMS RCE via Arbitrary File Upload.
CVE-2022-26352CRITICALunder attackransomware03 May 2022
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form req
100RISK
open
Metasploit600
Zyxel Firewall ZTP Unauthenticated Command Injection
CVE-2022-30525CRITICALunder attack28 Apr 2022
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
100RISK
open
Metasploit600
ZoneMinder Language Settings Remote Code Execution
CVE-2022-2980627 Apr 2022
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an
30RISK
open
Metasploit600
Tatsu Wordpress Plugin RCE
CVE-2021-2509425 Apr 2022
Tatsu < 3.3.12 - Unauthenticated RCE
60RISK
open
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34878MEDIUM19 Apr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.
28RISK
open
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34877MEDIUM19 Apr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.
28RISK
open
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34876MEDIUM19 Apr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerability at /vicidial/admin.php.
28RISK
open
Metasploit300
VMware vCenter Secrets Dump
CVE-2022-22948MEDIUMunder attack15 Apr 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious act
83RISK
open
Metasploit600
ManageEngine ADSelfService Plus Custom Script Execution
CVE-2022-28810MEDIUMunder attack09 Apr 2022
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary
100RISK
open
Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
CVE-2022-2295606 Apr 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
30RISK
open
Metasploit600
VMware Workspace ONE Access CVE-2022-22954
CVE-2022-22954CRITICALunder attackransomware06 Apr 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
100RISK
open
Metasploit400
VMware Workspace ONE Access CVE-2022-22960
CVE-2022-22960HIGHunder attack06 Apr 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RISK
open
Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
CVE-2022-2295706 Apr 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
23RISK
open
Metasploit600
Dompdf RCE via Malicious Font Caching (CVE-2022-28368)
CVE-2022-2836805 Apr 2022
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RISK
open
Metasploit400
ALLMediaServer 1.6 SEH Buffer Overflow
CVE-2022-2838101 Apr 2022
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrar
30RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.