Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
22,467 exploits
Exploit-DB
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in
33RISK
open ↗Exploit-DB
GDidees CMS 3.9.1 - Local File Disclosure
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RISK
open ↗Exploit-DB
Linux Kernel 6.2 - Userspace Processes To Enable Mitigation
Spectre v2 SMT mitigations problem in Linux kernel
33RISK
open ↗Exploit-DB
File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan
48RISK
open ↗Exploit-DB
Bang Resto v1.0 - 'Multiple' SQL Injection
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice
41RISK
open ↗Exploit-DB
Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)
Microsoft Word Remote Code Execution Vulnerability
41RISK
open ↗Exploit-DB
Paradox Security Systems IPR512 - Denial Of Service
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and l
53RISK
open ↗Exploit-DB
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
SourceCodester Online Computer and Laptop Store index.php unrestricted upload
33RISK
open ↗Exploit-DB
Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
41RISK
open ↗Exploit-DB
Joomla! v4.2.8 - Unauthenticated information disclosure
[20230201] - Core - Improper access check in webservice endpoints
100RISK
open ↗Exploit-DB
ENTAB ERP 1.0 - Username PII leak
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames
33RISK
open ↗Exploit-DB
RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Wi
23RISK
open ↗Exploit-DB
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Manageme
33RISK
open ↗Exploit-DB
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RISK
open ↗Exploit-DB
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions
100RISK
open ↗Exploit-DB
Adobe Connect 11.4.5 - Local File Disclosure
Adobe Connect Improper Access Control Security feature bypass
70RISK
open ↗Exploit-DB
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
Fortra GoAnywhere MFT License Response Servlet Command Injection
100RISK
open ↗Exploit-DB
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
Microsoft Excel Remote Code Execution Vulnerability
41RISK
open ↗Exploit-DB
FortiRecorder 6.4.3 - Denial of Service
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below
33RISK
open ↗Exploit-DB
pfsenseCE v2.6.0 - Anti-brute force protection bypass
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22
48RISK
open ↗Exploit-DB
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability v
33RISK
open ↗Exploit-DB
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via
33RISK
open ↗Exploit-DB
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
33RISK
open ↗Exploit-DB
Altenergy Power Control Software C1.2.5 - OS command injection
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/managemen
60RISK
open ↗Exploit-DB
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
An authenticated user can embed malicious content with XSS into the admin group policy page.
33RISK
open ↗Exploit-DB
Suprema BioStar 2 v2.8.16 - SQL Injection
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/abs
33RISK
open ↗Exploit-DB
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_pas
60RISK
open ↗Exploit-DB
Docker based datastores for IBM Instana 241-2 243-0 - No Authentication
IBM Observability with Instana missing authentication
48RISK
open ↗Exploit-DB
MAC 1200R - Directory Traversal
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-stati
41RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.