Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit300
Microsoft Exchange ProxyLogon Scanner
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Metasploit600
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Metasploit600
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Metasploit600
VMware View Planner Unauthenticated Log File Upload RCE
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RISK
open ↗Metasploit600
Veritas Backup Exec Agent Remote Code Execution
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RISK
open ↗Metasploit600
Veritas Backup Exec Agent Remote Code Execution
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISK
open ↗Metasploit600
Veritas Backup Exec Agent Remote Code Execution
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISK
open ↗Metasploit300
FortiLogger Arbitrary File Upload Exploit
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISK
open ↗Metasploit600
IGEL OS Secure VNC/Terminal Command Injection RCE
IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
63RISK
open ↗Metasploit300
Wifi Mouse RCE
Necta WiFi Mouse (Mouse Server) client-side authentication bypass
40RISK
open ↗Metasploit300
Unified Remote Auth Bypass to RCE
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication
55RISK
open ↗Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable
40RISK
open ↗Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel
40RISK
open ↗Metasploit0
VMware vCenter Server Unauthenticated OVA File Upload RCE
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISK
open ↗Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open ↗Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open ↗Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
98RISK
open ↗Metasploit200
Win32k ConsoleControl Offset Confusion
Windows Win32k Elevation of Privilege Vulnerability
100RISK
open ↗Metasploit200
Win32k ConsoleControl Offset Confusion
Win32k Elevation of Privilege Vulnerability
98RISK
open ↗Metasploit600
Micro Focus Operations Bridge Reporter Unauthenticated Command Injection
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISK
open ↗Metasploit600
Advantech iView Unauthenticated Remote Code Execution
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow a
30RISK
open ↗Metasploit600
NetMotion Mobility Server MvcUtil Java Deserialization
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code
40RISK
open ↗Metasploit300
NCR Command Center Agent Remote Code Execution
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (wit
40RISK
open ↗Metasploit600
Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISK
open ↗Metasploit600
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open ↗Metasploit600
Apache Druid 0.20.0 Remote Command Execution
Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
60RISK
open ↗Metasploit600
Lucee Administrator imgProcess.cfm Arbitrary File Write
Remote Code Exploit in Lucee Admin
78RISK
open ↗Metasploit600
Unauthenticated remote code execution in Ignition
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISK
open ↗Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
48RISK
open ↗Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
Microsoft Exchange Remote Code Execution Vulnerability
65RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.