Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
MSNSwitch Firmware MNT.2408 - Remote Code Execution
CVE-2022-3242911 Nov 2022
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technolog
60RISK
open
Exploit-DB
Open Web Analytics 1.7.3 - Remote Code Execution
CVE-2022-2463711 Nov 2022
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, wh
60RISK
open
Exploit-DB
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
CVE-2022-23854HIGH11 Nov 2022
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an
68RISK
open
Exploit-DB
Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
CVE-2022-284006 Oct 2022
Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi
23RISK
open
Exploit-DB
Teleport v10.1.1 - Remote Code Execution (RCE)
CVE-2022-3663323 Sep 2022
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RISK
open
Exploit-DB
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
CVE-2021-4045CRITICAL23 Sep 2022
TP-LINK Tapo C200 remote code execution vulnerability
70RISK
open
Exploit-DB
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
CVE-2022-3414023 Sep 2022
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to
23RISK
open
Exploit-DB
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
CVE-2022-2941MEDIUM23 Sep 2022
WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
33RISK
open
Exploit-DB
Bookwyrm v0.4.3 - Authentication Bypass
CVE-2022-2651CRITICAL20 Sep 2022
Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm
53RISK
open
Exploit-DB
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
CVE-2022-3626720 Sep 2022
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerabilit
35RISK
open
Exploit-DB
Blink1Control2 2.2.7 - Weak Password Encryption
CVE-2022-3551320 Sep 2022
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
23RISK
open
Exploit-DB
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
CVE-2022-3078115 Sep 2022
Gitea before 1.16.7 does not escape git fetch remote.
60RISK
open
Exploit-DB
Prestashop blockwishlist module 2.1.0 - SQLi
CVE-2022-31101HIGH09 Aug 2022
SQL Injection in prestashop/blockwishlist
61RISK
open
Exploit-DB
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
CVE-2020-2038HIGH09 Aug 2022
PAN-OS: OS command injection vulnerability in the management web interface
78RISK
open
Exploit-DB
Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
CVE-2022-3414009 Aug 2022
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to
23RISK
open
Exploit-DB
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
CVE-2021-4275009 Aug 2022
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrat
23RISK
open
Exploit-DB
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
CVE-2021-4275109 Aug 2022
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrat
23RISK
open
Exploit-DB
uftpd 2.10 - Directory Traversal (Authenticated)
CVE-2020-2027702 Aug 2022
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server ver
28RISK
open
Exploit-DB
Wavlink WN530HG4 - Password Disclosure
CVE-2022-3404701 Aug 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via v
43RISK
open
Exploit-DB
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
CVE-2022-255201 Aug 2022
Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
38RISK
open
Exploit-DB
Wavlink WN533A8 - Password Disclosure
CVE-2022-3404601 Aug 2022
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via vie
43RISK
open
Exploit-DB
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
CVE-2004-246601 Aug 2022
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RISK
open
Exploit-DB
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
CVE-2022-255101 Aug 2022
Duplicator < 1.4.7 - Unauthenticated Backup Download
43RISK
open
Exploit-DB
Wavlink WN533A8 - Cross-Site Scripting (XSS)
CVE-2022-3404801 Aug 2022
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via th
38RISK
open
Exploit-DB
Dingtian-DT-R002 3.1.276A - Authentication Bypass
CVE-2022-29593MEDIUM29 Jul 2022
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post reques
38RISK
open
Exploit-DB
rpc.py 0.6.0 - Remote Code Execution (RCE)
CVE-2022-3541129 Jul 2022
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header i
35RISK
open
Exploit-DB
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
CVE-2022-3309821 Jul 2022
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function.
35RISK
open
Exploit-DB
IOTransfer 4.0 - Remote Code Execution (RCE)
CVE-2022-2456221 Jul 2022
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary
35RISK
open
Exploit-DB
CodoForum v5.1 - Remote Code Execution (RCE)
CVE-2022-3185421 Jul 2022
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin
50RISK
open
Exploit-DB
OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
CVE-2021-3671121 Jul 2022
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
28RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.