Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
22,467 exploits
Exploit-DB
Pega Platform 8.1.0 - Remote Code Execution (RCE)
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Inte
48RISK
open ↗Exploit-DB
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct r
41RISK
open ↗Exploit-DB
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.
23RISK
open ↗Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RISK
open ↗Exploit-DB
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL07552646
41RISK
open ↗Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CSRF key bypass using HTTP methods in zoneminder
41RISK
open ↗Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Denial of service through logs in zoneminder
33RISK
open ↗Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
41RISK
open ↗Exploit-DB
Grafana <=6.2.4 - HTML Injection
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the
35RISK
open ↗Exploit-DB
FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISK
open ↗Exploit-DB
NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage ma
48RISK
open ↗Exploit-DB
ImpressCMS v1.4.3 - Authenticated SQL Injection
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this al
23RISK
open ↗Exploit-DB
Password Manager for IIS v2.0 - XSS
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL
33RISK
open ↗Exploit-DB
_camp_ Raspberry Pi camera server 1.0 - Authentication Bypass
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access
60RISK
open ↗Exploit-DB
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
23RISK
open ↗Exploit-DB
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an ex
23RISK
open ↗Exploit-DB
Abantecart v1.3.2 - Authenticated Remote Code Execution
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable
23RISK
open ↗Exploit-DB
DLink DIR 819 A1 - Denial of Service
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via t
41RISK
open ↗Exploit-DB
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
NEX-Forms < 7.9.7 - Authenticated SQLi
43RISK
open ↗Exploit-DB
System Mechanic v15.5.0.61 - Arbitrary Read/Write
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerabi
28RISK
open ↗Exploit-DB
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the s
33RISK
open ↗Exploit-DB
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting
23RISK
open ↗Exploit-DB
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrar
23RISK
open ↗Exploit-DB
wkhtmltopdf 0.12.6 - Server Side Request Forgery
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by inje
28RISK
open ↗Exploit-DB
Bitbucket v7.0.0 - RCE
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISK
open ↗Exploit-DB
MAN-EAM-0003 V3.2.4 - XXE
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file uplo
56RISK
open ↗Exploit-DB
Linksys AX3200 V1.1.00 - Command Injection
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagn
46RISK
open ↗Exploit-DB
pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISK
open ↗Exploit-DB
MSNSwitch Firmware MNT.2408 - Remote Code Execution
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technolog
60RISK
open ↗Exploit-DB
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an
68RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.