Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
Vesta Control Panel Authenticated Remote Code Execution
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint.
40RISK
open ↗Metasploit400
SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open ↗Metasploit200
SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open ↗Metasploit300
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RISK
open ↗Metasploit0
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RISK
open ↗Metasploit400
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RISK
open ↗Metasploit400
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISK
open ↗Metasploit300
CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RISK
open ↗Metasploit600
Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl
98RISK
open ↗Metasploit600
Pandora FMS Ping Authenticated Remote Code Execution
Pandora FMS Authenticated Remote Code Execution via Ping Module
36RISK
open ↗Metasploit500
ManageEngine Desktop Central Java Deserialization
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted d
100RISK
open ↗Metasploit600
Metasploit Libnotify Plugin Arbitrary Command Execution
Metasploit Framework Plugin Libnotify Command Injection
28RISK
open ↗Metasploit600
SharePoint Workflows XOML Injection
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.N
100RISK
open ↗Metasploit600
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, u
38RISK
open ↗Metasploit600
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RISK
open ↗Metasploit200
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISK
open ↗Metasploit600
WordPress wpDiscuz Unauthenticated File Upload Vulnerability
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo
85RISK
open ↗Metasploit300
Apache Tomcat AJP File Read
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open ↗Metasploit300
Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
98RISK
open ↗Metasploit300
WordPress Duplicator File Read Vulnerability
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISK
open ↗Metasploit0
Google Chrome 80 JSCreate side-effect type confusion exploit
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corru
100RISK
open ↗Metasploit600
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0
30RISK
open ↗Metasploit600
Service Tracing Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window
23RISK
open ↗Metasploit600
Exchange Control Panel ViewState Deserialization
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISK
open ↗Metasploit600
SQL Server Reporting Services (SSRS) ViewState Deserialization
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RISK
open ↗Metasploit600
Unraid 6.8.0 Auth Bypass PHP Code Execution
Unraid 6.8.0 allows authentication bypass.
100RISK
open ↗Metasploit600
Unraid 6.8.0 Auth Bypass PHP Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
100RISK
open ↗Metasploit600
Horde CSV import arbitrary PHP code execution
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execu
60RISK
open ↗Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISK
open ↗Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.