Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2017-12615
CVE-2017-12615HIGHunder attackransomware
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RISK
open
Referência
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows
60RISK
open
Referência
CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
50RISK
open
Referência
CVE-2019-15954
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RISK
open
Referência
CVE-2018-7890
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The pu
60RISK
open
Referência
CVE-2024-10915
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RISK
open
Referência
CVE-2025-2777
SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection
85RISK
open
Referência
Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, a
60RISK
open
Referência
CVE-2016-8740
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2
45RISK
open
Referência
CVE-2018-17553
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs N
60RISK
open
Referência
CVE-2015-7709
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to b
60RISK
open
Referência
CVE-2015-7709
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to b
60RISK
open
Referência
CVE-2010-1549
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote
60RISK
open
Referência
CVE-2018-12465
Remote Code Execution in Micro Focus Secure Messaging Gateway
85RISK
open
Referência
CVE-2018-0769
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitra
45RISK
open
Referência
CVE-2018-10583
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p
60RISK
open
Referência
CVE-2025-34291
CVE-2025-34291CRITICALunder attack
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RISK
open
Referência
CVE-2019-1622
Cisco Data Center Network Manager Information Disclosure Vulnerability
70RISK
open
Referência
CVE-2019-1622
Cisco Data Center Network Manager Information Disclosure Vulnerability
70RISK
open
Referência
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
60RISK
open
Referência
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
60RISK
open
Referência
CVE-2012-4792
CVE-2012-4792HIGHunder attack
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary cod
100RISK
open
Referência
CVE-2021-24931
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RISK
open
Referência
CVE-2020-6418
CVE-2020-6418HIGHunder attack
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corru
100RISK
open
Referência
CVE-2021-22555
CVE-2021-22555HIGHunder attack
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
Referência
CVE-2021-22555
CVE-2021-22555HIGHunder attack
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
Referência
CVE-2021-22555
CVE-2021-22555HIGHunder attack
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
Referência
CVE-2021-22555
CVE-2021-22555HIGHunder attack
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
Referência
CVE-2021-22555
CVE-2021-22555HIGHunder attack
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
Referência
CVE-2010-4417
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.