Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
22,467 exploits
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS comman
53RISK
open ↗Exploit-DB
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute
33RISK
open ↗Exploit-DB
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to exe
33RISK
open ↗Exploit-DB
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to d
41RISK
open ↗Exploit-DB
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's securit
23RISK
open ↗Exploit-DB
Optoma 1080PSTX Firmware C02 - Authentication Bypass
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid cr
60RISK
open ↗Exploit-DB
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive informat
48RISK
open ↗Exploit-DB
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allo
48RISK
open ↗Exploit-DB
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitr
33RISK
open ↗Exploit-DB
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open ↗Exploit-DB
Apache Superset 2.0.0 - Authentication Bypass
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open ↗Exploit-DB
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
33RISK
open ↗Exploit-DB
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL
48RISK
open ↗Exploit-DB
Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
41RISK
open ↗Exploit-DB
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file paramete
41RISK
open ↗Exploit-DB
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_pro
41RISK
open ↗Exploit-DB
FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
TEM FLEX-1085 reboot denial of service
41RISK
open ↗Exploit-DB
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users wi
33RISK
open ↗Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code v
48RISK
open ↗Exploit-DB
Jedox 2022.4.2 - Code Execution via RPC Interfaces
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load a
41RISK
open ↗Exploit-DB
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of dat
38RISK
open ↗Exploit-DB
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
SourceCodester Online Pizza Ordering System unrestricted upload
33RISK
open ↗Exploit-DB
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web
48RISK
open ↗Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authentica
60RISK
open ↗Exploit-DB
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to ex
46RISK
open ↗Exploit-DB
FS-S3900-24T4S - Privilege Escalation
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin
41RISK
open ↗Exploit-DB
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalat
41RISK
open ↗Exploit-DB
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10
100RISK
open ↗Exploit-DB
KodExplorer 4.49 - CSRF to Arbitrary File Upload
kalcaddle KodExplorer cross-site request forgery
33RISK
open ↗Exploit-DB
PaperCut NG/MG 22.0.4 - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.