Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,002cataloged exploits
31,582CVEs with public exploitation
19,780 exploits
Referência
CVE-2026-56111
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
41RISK
open
Referência
CVE-2026-9710
Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure
41RISK
open
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISK
open
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISK
open
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISK
open
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISK
open
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISK
open
Referência
CVE-2020-14883
CVE-2020-14883HIGHunder attack
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISK
open
Referência
CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which all
60RISK
open
Referência
CVE-2020-17519
CVE-2020-17519CRITICALunder attack
Apache Flink directory traversal attack: reading remote files through the REST API
100RISK
open
Referência
CVE-2010-1653
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! a
43RISK
open
Referência
CVE-2023-6553
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISK
open
Referência
CVE-2020-11738
CVE-2020-11738HIGHunder attack
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISK
open
Referência
CVE-2020-11738
CVE-2020-11738HIGHunder attack
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISK
open
Referência
CVE-2023-38831
CVE-2023-38831HIGHunder attackransomware
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RISK
open
Referência
CVE-2022-21661
SQL injection in WordPress
78RISK
open
Referência
CVE-2026-7740
justdan96 tsMuxer vvc.cpp setFPS denial of service
33RISK
open
Referência
CVE-2026-7739
justdan96 tsMuxer hevc.cpp setFPS denial of service
33RISK
open
Referência
CVE-2026-7738
puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
33RISK
open
Referência
CVE-2018-15745
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RISK
open
Referência
CVE-2018-15745
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RISK
open
Referência
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISK
open
Referência
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISK
open
Referência
CVE-2025-32433
CVE-2025-32433CRITICALunder attack
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
Referência
CVE-2016-7621
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchO
23RISK
open
Referência
CVE-2019-19781
CVE-2019-19781CRITICALunder attackransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open
Referência
CVE-2026-7732
code-projects BloodBank Managing System request_blood.php unrestricted upload
33RISK
open
Referência
CVE-2022-43769
CVE-2022-43769HIGHunder attack
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RISK
open
Referência
CVE-2015-7450
CVE-2015-7450CRITICALunder attack
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RISK
open
Referência
CVE-2023-0315
Command Injection in froxlor/froxlor
78RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.