Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows rem
60RISK
open ↗Referência
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISK
open ↗Referência
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISK
open ↗Referência
CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, a
100RISK
open ↗Referência
CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, a
100RISK
open ↗Referência
CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, a
100RISK
open ↗Referência
CVE-2020-7246
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISK
open ↗Referência
CVE-2020-7246
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISK
open ↗Referência
CVE-2020-7246
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISK
open ↗Referência
CVE-2020-7246
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISK
open ↗Referência
CVE-2017-5817
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISK
open ↗Referência
CVE-2017-5817
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISK
open ↗Referência
CVE-2020-8163
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the
60RISK
open ↗Referência
CVE-2020-2230
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in
45RISK
open ↗Referência
CVE-2014-7863
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RISK
open ↗Referência
CVE-2018-17254
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
60RISK
open ↗Referência
CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RISK
open ↗Referência
CVE-2019-14470
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has X
60RISK
open ↗Referência
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has X
60RISK
open ↗Referência
CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to th
60RISK
open ↗Referência
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISK
open ↗Referência
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISK
open ↗Referência
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISK
open ↗Referência
fuel CMS 1.4.1 - Remote Code Execution (1)
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISK
open ↗Referência
CVE-2019-0539
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open ↗Referência
CVE-2019-0539
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open ↗Referência
CVE-2019-0539
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open ↗Referência
CVE-2015-1187
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr
100RISK
open ↗Referência
CVE-2015-1187
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.