Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
CVE-2023-29848MEDIUM20 Apr 2023
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in
33RISK
open
Exploit-DB
GDidees CMS 3.9.1 - Local File Disclosure
CVE-2023-27179HIGH20 Apr 2023
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RISK
open
Exploit-DB
Linux Kernel 6.2 - Userspace Processes To Enable Mitigation
CVE-2023-1998MEDIUM20 Apr 2023
Spectre v2 SMT mitigations problem in Linux kernel
33RISK
open
Exploit-DB
File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
CVE-2023-26918CRITICAL20 Apr 2023
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan
48RISK
open
Exploit-DB
Bang Resto v1.0 - 'Multiple' SQL Injection
CVE-2023-29849HIGH20 Apr 2023
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice
41RISK
open
Exploit-DB
Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)
CVE-2023-28311HIGH20 Apr 2023
Microsoft Word Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
Paradox Security Systems IPR512 - Denial Of Service
CVE-2023-24709HIGH10 Apr 2023
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and l
53RISK
open
Exploit-DB
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
CVE-2023-1826MEDIUM10 Apr 2023
SourceCodester Online Computer and Laptop Store index.php unrestricted upload
33RISK
open
Exploit-DB
Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing
CVE-2023-24892HIGH10 Apr 2023
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
41RISK
open
Exploit-DB
Joomla! v4.2.8 - Unauthenticated information disclosure
CVE-2023-23752MEDIUMunder attack08 Apr 2023
[20230201] - Core - Improper access check in webservice endpoints
100RISK
open
Exploit-DB
ENTAB ERP 1.0 - Username PII leak
CVE-2022-30076MEDIUM08 Apr 2023
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames
33RISK
open
Exploit-DB
RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution
CVE-2022-4752908 Apr 2023
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Wi
23RISK
open
Exploit-DB
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
CVE-2023-26692MEDIUM08 Apr 2023
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Manageme
33RISK
open
Exploit-DB
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2022-43769HIGHunder attack08 Apr 2023
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RISK
open
Exploit-DB
Icinga Web 2.10 - Arbitrary File Disclosure
CVE-2022-24716HIGH08 Apr 2023
Path traversal in Icinga Web 2
78RISK
open
Exploit-DB
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2022-43939HIGHunder attack08 Apr 2023
Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions
100RISK
open
Exploit-DB
Adobe Connect 11.4.5 - Local File Disclosure
CVE-2023-22232MEDIUM08 Apr 2023
Adobe Connect Improper Access Control Security feature bypass
70RISK
open
Exploit-DB
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
CVE-2023-0669HIGHunder attackransomware08 Apr 2023
Fortra GoAnywhere MFT License Response Servlet Command Injection
100RISK
open
Exploit-DB
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
CVE-2023-23399HIGH08 Apr 2023
Microsoft Excel Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
FortiRecorder 6.4.3 - Denial of Service
CVE-2022-41333MEDIUM08 Apr 2023
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below
33RISK
open
Exploit-DB
pfsenseCE v2.6.0 - Anti-brute force protection bypass
CVE-2023-27100CRITICAL08 Apr 2023
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22
48RISK
open
Exploit-DB
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
CVE-2022-48177MEDIUM08 Apr 2023
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability v
33RISK
open
Exploit-DB
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2022-48178MEDIUM08 Apr 2023
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via
33RISK
open
Exploit-DB
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
CVE-2022-0020MEDIUM08 Apr 2023
Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
33RISK
open
Exploit-DB
Altenergy Power Control Software C1.2.5 - OS command injection
CVE-2023-2834308 Apr 2023
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/managemen
60RISK
open
Exploit-DB
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
CVE-2022-25630MEDIUM08 Apr 2023
An authenticated user can embed malicious content with XSS into the admin group policy page.
33RISK
open
Exploit-DB
Suprema BioStar 2 v2.8.16 - SQL Injection
CVE-2023-27167MEDIUM08 Apr 2023
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/abs
33RISK
open
Exploit-DB
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
CVE-2020-35391CRITICAL07 Apr 2023
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_pas
60RISK
open
Exploit-DB
Docker based datastores for IBM Instana 241-2 243-0 - No Authentication
CVE-2023-27290CRITICAL07 Apr 2023
IBM Observability with Instana missing authentication
48RISK
open
Exploit-DB
MAC 1200R - Directory Traversal
CVE-2021-27825HIGH07 Apr 2023
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-stati
41RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.