Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
8,069 exploits
VulnCheck XDB
local
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RISK
open ↗VulnCheck XDB
info-leak
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open ↗VulnCheck XDB
info-leak
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open ↗VulnCheck XDB
initial-access
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open ↗VulnCheck XDB
initial-access
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RISK
open ↗VulnCheck XDB
info-leak
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
41RISK
open ↗VulnCheck XDB
local
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RISK
open ↗VulnCheck XDB
initial-access
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where th
56RISK
open ↗VulnCheck XDB
initial-access
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.