Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 Apr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RISK
open
Exploit-DB
Roxy WI v6.1.0.0 - Improper Authentication Control
CVE-2022-31125CRITICAL03 Apr 2023
Authentication Bypass in Roxy-wi
53RISK
open
Exploit-DB
sleuthkit 4.11.1 - Command Injection
CVE-2022-45639HIGH03 Apr 2023
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RISK
open
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 Apr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RISK
open
Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
CVE-2023-2316103 Apr 2023
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RISK
open
Exploit-DB
Enlightenment v0.25.3 - Privilege escalation
CVE-2022-37706HIGH01 Apr 2023
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RISK
open
Exploit-DB
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
CVE-2022-4819701 Apr 2023
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, Tree
38RISK
open
Exploit-DB
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
CVE-2022-30519MEDIUM01 Apr 2023
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary c
33RISK
open
Exploit-DB
Apache 2.4.x - Buffer Overflow
CVE-2021-4479001 Apr 2023
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
45RISK
open
Exploit-DB
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-44149HIGH01 Apr 2023
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RISK
open
Exploit-DB
perfSONAR v4.4.5 - Partial Blind CSRF
CVE-2022-41413MEDIUM01 Apr 2023
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attack
33RISK
open
Exploit-DB
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-44877CRITICALunder attack01 Apr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISK
open
Exploit-DB
TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
CVE-2022-48194HIGH01 Apr 2023
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a De
53RISK
open
Exploit-DB
AD Manager Plus 7122 - Remote Code Execution (RCE)
CVE-2021-44228CRITICALunder attackransomware01 Apr 2023
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
Exploit-DB
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-2884CRITICAL01 Apr 2023
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3
70RISK
open
Exploit-DB
Cacti v1.2.22 - Remote Command Execution (RCE)
CVE-2022-46169CRITICALunder attack31 Mar 2023
Unauthenticated Command Injection
100RISK
open
Exploit-DB
qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
CVE-2022-46770HIGH31 Mar 2023
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RISK
open
Exploit-DB
EQ Enterprise management system v2.2.0 - SQL Injection
CVE-2022-45297CRITICAL31 Mar 2023
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
48RISK
open
Exploit-DB
rconfig 3.9.7 - Sql Injection (Authenticated)
CVE-2022-45030HIGH31 Mar 2023
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may
41RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24629CRITICAL30 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achie
60RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463030 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh
28RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463230 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during f
28RISK
open
Exploit-DB
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
CVE-2022-40319HIGH30 Mar 2023
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a
41RISK
open
Exploit-DB
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
CVE-2022-2841LOW30 Mar 2023
CrowdStrike Falcon Uninstallation authorization
28RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24627CRITICAL30 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injec
68RISK
open
Exploit-DB
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
CVE-2022-39195MEDIUM30 Mar 2023
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary
48RISK
open
Exploit-DB
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-1565HIGH29 Mar 2023
Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload
46RISK
open
Exploit-DB
OPSWAT Metadefender Core - Privilege Escalation
CVE-2022-3227228 Mar 2023
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RISK
open
Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
CVE-2022-41441MEDIUM28 Mar 2023
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RISK
open
Exploit-DB
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
CVE-2022-38580CRITICAL28 Mar 2023
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
53RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.