Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Pega Platform 8.1.0 - Remote Code Execution (RCE)
CVE-2022-24082CRITICAL28 Mar 2023
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Inte
48RISK
open
Exploit-DB
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
CVE-2022-42953HIGH28 Mar 2023
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct r
41RISK
open
Exploit-DB
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
CVE-2022-3655128 Mar 2023
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.
23RISK
open
Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
CVE-2022-41441MEDIUM28 Mar 2023
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RISK
open
Exploit-DB
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
CVE-2022-37255HIGH28 Mar 2023
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL07552646
41RISK
open
Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CVE-2022-39290HIGH27 Mar 2023
CSRF key bypass using HTTP methods in zoneminder
41RISK
open
Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CVE-2022-39291MEDIUM27 Mar 2023
Denial of service through logs in zoneminder
33RISK
open
Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CVE-2022-39285HIGH27 Mar 2023
Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
41RISK
open
Exploit-DB
Grafana <=6.2.4 - HTML Injection
CVE-2019-1306827 Mar 2023
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the
35RISK
open
Exploit-DB
FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass
CVE-2022-40684CRITICALunder attackransomware27 Mar 2023
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISK
open
Exploit-DB
NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
CVE-2022-34668CRITICAL25 Mar 2023
NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage ma
48RISK
open
Exploit-DB
ImpressCMS v1.4.3 - Authenticated SQL Injection
CVE-2022-2698625 Mar 2023
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this al
23RISK
open
Exploit-DB
Password Manager for IIS v2.0 - XSS
CVE-2022-36664MEDIUM25 Mar 2023
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL
33RISK
open
Exploit-DB
_camp_ Raspberry Pi camera server 1.0 - Authentication Bypass
CVE-2022-37109CRITICAL25 Mar 2023
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access
60RISK
open
Exploit-DB
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
CVE-2022-314125 Mar 2023
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
23RISK
open
Exploit-DB
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
CVE-2022-2614925 Mar 2023
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an ex
23RISK
open
Exploit-DB
Abantecart v1.3.2 - Authenticated Remote Code Execution
CVE-2022-2652125 Mar 2023
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable
23RISK
open
Exploit-DB
DLink DIR 819 A1 - Denial of Service
CVE-2022-40946HIGH25 Mar 2023
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via t
41RISK
open
Exploit-DB
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
CVE-2022-314225 Mar 2023
NEX-Forms < 7.9.7 - Authenticated SQLi
43RISK
open
Exploit-DB
System Mechanic v15.5.0.61 - Arbitrary Read/Write
CVE-2018-570125 Mar 2023
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerabi
28RISK
open
Exploit-DB
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
CVE-2022-35155MEDIUM25 Mar 2023
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the s
33RISK
open
Exploit-DB
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
CVE-2022-2698225 Mar 2023
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting
23RISK
open
Exploit-DB
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
CVE-2021-4636025 Mar 2023
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrar
23RISK
open
Exploit-DB
wkhtmltopdf 0.12.6 - Server Side Request Forgery
CVE-2022-3558323 Mar 2023
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by inje
28RISK
open
Exploit-DB
Bitbucket v7.0.0 - RCE
CVE-2022-36804HIGHunder attack23 Mar 2023
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISK
open
Exploit-DB
MAN-EAM-0003 V3.2.4 - XXE
CVE-2022-38840HIGH23 Mar 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file uplo
56RISK
open
Exploit-DB
Linksys AX3200 V1.1.00 - Command Injection
CVE-2022-38841HIGH22 Mar 2023
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagn
46RISK
open
Exploit-DB
pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
CVE-2022-31814CRITICAL20 Feb 2023
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISK
open
Exploit-DB
MSNSwitch Firmware MNT.2408 - Remote Code Execution
CVE-2022-3242911 Nov 2022
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technolog
60RISK
open
Exploit-DB
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
CVE-2022-23854HIGH11 Nov 2022
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an
68RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.