Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Geutebruck instantrec Remote Command Execution
CVE-2021-33549HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE
48RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33544HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: command injection leading to RCE
58RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33543CRITICAL08 Jul 2021
UDP Technology/Geutebrück camera devices: Authentication Bypass
65RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33552HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
48RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33550HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
48RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33548HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
48RISK
open
Metasploit400
Sage X3 Administration Service Authentication Bypass Command Execution
CVE-2020-7388CRITICAL07 Jul 2021
Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing
85RISK
open
Metasploit400
Sage X3 Administration Service Authentication Bypass Command Execution
CVE-2020-7387MEDIUM07 Jul 2021
Sage X3 AdxAdmin Exposure of Sensitive Information to an Unauthorized Actor
40RISK
open
Metasploit500
Netfilter x_tables Heap OOB Write Privilege Escalation
CVE-2021-22555HIGHunder attack07 Jul 2021
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
Metasploit600
ForgeRock / OpenAM Jato Java Deserialization
CVE-2021-35464CRITICALunder attackransomware29 Jun 2021
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pa
100RISK
open
Metasploit600
Moodle SpellChecker Path Authenticated Remote Command Execution
CVE-2021-21809HIGH22 Jun 2021
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted s
41RISK
open
Metasploit600
Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution
CVE-2021-2434714 Jun 2021
SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
30RISK
open
Metasploit600
elFinder Archive Command Injection
CVE-2021-32682CRITICAL13 Jun 2021
Multiple vulnerabilities leading to RCE
75RISK
open
Metasploit300
Wordpress Popular Posts Authenticated RCE
CVE-2021-42362HIGH11 Jun 2021
WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
78RISK
open
Metasploit300
Print Spooler Remote DLL Injection
CVE-2021-34527HIGHunder attackransomware08 Jun 2021
Windows Print Spooler Remote Code Execution Vulnerability
100RISK
open
Metasploit300
Print Spooler Remote DLL Injection
CVE-2021-1675HIGHunder attackransomware08 Jun 2021
Windows Print Spooler Remote Code Execution Vulnerability
100RISK
open
Metasploit600
Polkit D-Bus Authentication Bypass
CVE-2021-3560HIGHunder attack03 Jun 2021
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISK
open
Metasploit300
Squid Proxy Range Header DoS
CVE-2021-3180627 May 2021
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a
40RISK
open
Metasploit300
Squid Proxy Range Header DoS
CVE-2021-3180727 May 2021
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to
23RISK
open
Metasploit600
VMware vCenter Server Virtual SAN Health Check Plugin RCE
CVE-2021-21985CRITICALunder attackransomware25 May 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
100RISK
open
Metasploit600
ExifTool DjVu ANT Perl injection
CVE-2021-22204MEDIUMunder attack24 May 2021
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISK
open
Metasploit600
IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE
CVE-2021-3339317 May 2021
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISK
open
Metasploit600
Microsoft SharePoint Unsafe Control and ViewState RCE
CVE-2021-31181HIGH11 May 2021
Microsoft SharePoint Remote Code Execution Vulnerability
48RISK
open
Metasploit500
Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE
CVE-2021-3490HIGH11 May 2021
Linux kernel eBPF bitwise ops ALU32 bounds tracking
41RISK
open
Metasploit300
Windows IIS HTTP Protocol Stack DOS
CVE-2021-31166CRITICALunder attack11 May 2021
HTTP Protocol Stack Remote Code Execution Vulnerability
100RISK
open
Metasploit300
Apache 2.4.49/2.4.50 Traversal RCE scanner
CVE-2021-41773HIGHunder attackransomware10 May 2021
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
Metasploit600
Apache 2.4.49/2.4.50 Traversal RCE
CVE-2021-42013CRITICALunder attackransomware10 May 2021
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
Metasploit600
Apache 2.4.49/2.4.50 Traversal RCE
CVE-2021-41773HIGHunder attackransomware10 May 2021
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
Metasploit300
Apache 2.4.49/2.4.50 Traversal RCE scanner
CVE-2021-42013CRITICALunder attackransomware10 May 2021
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
Metasploit600
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
CVE-2021-1499MEDIUM05 May 2021
Cisco HyperFlex HX Data Platform File Upload Vulnerability
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.