Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
CVE-2020-6627CRITICAL25 May 2023
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS comman
53RISK
open
Exploit-DB
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
CVE-2023-33829MEDIUM25 May 2023
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute
33RISK
open
Exploit-DB
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
CVE-2023-25440MEDIUM23 May 2023
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to exe
33RISK
open
Exploit-DB
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
CVE-2023-31702HIGH23 May 2023
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to d
41RISK
open
Exploit-DB
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2023-3169823 May 2023
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's securit
23RISK
open
Exploit-DB
Optoma 1080PSTX Firmware C02 - Authentication Bypass
CVE-2023-27823CRITICAL23 May 2023
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid cr
60RISK
open
Exploit-DB
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
CVE-2023-30256MEDIUM23 May 2023
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive informat
48RISK
open
Exploit-DB
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
CVE-2023-31703CRITICAL23 May 2023
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allo
48RISK
open
Exploit-DB
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
CVE-2023-25439MEDIUM23 May 2023
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitr
33RISK
open
Exploit-DB
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
CVE-2023-27350CRITICALunder attackransomware23 May 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open
Exploit-DB
Apache Superset 2.0.0 - Authentication Bypass
CVE-2023-27524HIGHunder attack23 May 2023
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open
Exploit-DB
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
CVE-2023-31699MEDIUM23 May 2023
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
33RISK
open
Exploit-DB
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
CVE-2023-1934CRITICAL23 May 2023
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL
48RISK
open
Exploit-DB
Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
CVE-2023-31873HIGH23 May 2023
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
41RISK
open
Exploit-DB
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
CVE-2022-41544HIGH23 May 2023
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file paramete
41RISK
open
Exploit-DB
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
CVE-2023-31874HIGH23 May 2023
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_pro
41RISK
open
Exploit-DB
FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
CVE-2022-2591HIGH13 May 2023
TEM FLEX-1085 reboot denial of service
41RISK
open
Exploit-DB
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
CVE-2022-47880MEDIUM05 May 2023
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users wi
33RISK
open
Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
CVE-2022-47876CRITICAL05 May 2023
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code v
48RISK
open
Exploit-DB
Jedox 2022.4.2 - Code Execution via RPC Interfaces
CVE-2022-47879HIGH05 May 2023
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load a
41RISK
open
Exploit-DB
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
CVE-2022-47874MEDIUM05 May 2023
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of dat
38RISK
open
Exploit-DB
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
CVE-2023-2246MEDIUM05 May 2023
SourceCodester Online Pizza Ordering System unrestricted upload
33RISK
open
Exploit-DB
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
CVE-2022-47877CRITICAL05 May 2023
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web
48RISK
open
Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
CVE-2022-47878CRITICAL05 May 2023
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authentica
60RISK
open
Exploit-DB
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
CVE-2022-47875HIGH05 May 2023
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to ex
46RISK
open
Exploit-DB
FS-S3900-24T4S - Privilege Escalation
CVE-2023-30350HIGH02 May 2023
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin
41RISK
open
Exploit-DB
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
CVE-2023-25438HIGH02 May 2023
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalat
41RISK
open
Exploit-DB
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
CVE-2023-1671CRITICALunder attack25 Apr 2023
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10
100RISK
open
Exploit-DB
KodExplorer 4.49 - CSRF to Arbitrary File Upload
CVE-2022-4944MEDIUM25 Apr 2023
kalcaddle KodExplorer cross-site request forgery
33RISK
open
Exploit-DB
PaperCut NG/MG 22.0.4 - Authentication Bypass
CVE-2023-27350CRITICALunder attackransomware25 Apr 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.