Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,044cataloged exploits
31,616CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2023-0315
Command Injection in froxlor/froxlor
78RISK
open
Referência
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
60RISK
open
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISK
open
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISK
open
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISK
open
Referência
CVE-2025-61884
CVE-2025-61884HIGHunder attackransomware
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions
100RISK
open
Referência
CVE-2019-12255
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RISK
open
Referência
CVE-2019-19781
CVE-2019-19781CRITICALunder attackransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open
Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISK
open
Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISK
open
Referência
CVE-2016-3714
CVE-2016-3714HIGHunder attack
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISK
open
Referência
CVE-2016-3714
CVE-2016-3714HIGHunder attack
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISK
open
Referência
CVE-2016-3714
CVE-2016-3714HIGHunder attack
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISK
open
Referência47
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled
CVE-2024-56145CRITICALunder attack
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RISK
open
Referência
CVE-2016-7288
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m
45RISK
open
Referência
CVE-2024-10914
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RISK
open
Referência
CVE-2016-8869
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RISK
open
Referência
CVE-2019-9082
CVE-2019-9082HIGHunder attack
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISK
open
Referência
CVE-2019-9082
CVE-2019-9082HIGHunder attack
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISK
open
Referência
CVE-2023-27524
CVE-2023-27524HIGHunder attack
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open
Referência
CVE-2023-27524
CVE-2023-27524HIGHunder attack
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open
Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISK
open
Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISK
open
Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISK
open
Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISK
open
Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISK
open
Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISK
open
Referência
CVE-2020-14864
CVE-2020-14864HIGHunder attack
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RISK
open
Referência
CVE-2025-34028
CVE-2025-34028CRITICALunder attack
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RISK
open
Referência21
watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
CVE-2025-34028CRITICALunder attack
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.