Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISK
open ↗Referência
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISK
open ↗Referência
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISK
open ↗Referência
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RISK
open ↗Referência
Ubuntu 6.06 - DHCPd Remote Denial of Service
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some othe
45RISK
open ↗Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RISK
open ↗Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RISK
open ↗Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RISK
open ↗Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RISK
open ↗Referência
OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and
60RISK
open ↗Referência
CVE-2017-16666
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name
60RISK
open ↗Referência
CVE-2017-16666
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name
60RISK
open ↗Referência
CVE-2014-4872
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RISK
open ↗Referência
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbi
45RISK
open ↗Referência
CVE-2016-6563
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action
60RISK
open ↗Referência
CVE-2015-3043
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
100RISK
open ↗Referência
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RISK
open ↗Referência
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RISK
open ↗Referência
CVE-2021-42362
WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
78RISK
open ↗Referência
CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RISK
open ↗Referência
CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RISK
open ↗Referência
WebCalendar 1.2.4 - Remote Code Execution
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RISK
open ↗Referência
CVE-2014-7866
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and
45RISK
open ↗Referência
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
60RISK
open ↗Referência
CVE-2016-7201
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RISK
open ↗Referência
CVE-2016-7201
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RISK
open ↗Referência
CVE-2016-7201
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RISK
open ↗Referência
CVE-2016-2555
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISK
open ↗Referência
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire I
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.