Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,046cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,079VulnCheck XDB 8,060Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
22,467 exploits
Exploit-DB
Erugo 0.2.14 - Remote Code Execution (RCE)
Authenticated Remote Code Execution via Arbitrary File Upload
48RISK
open ↗Exploit-DB
Windows 11 25H2 - Heap Overflow
Windows Hyper-V Remote Code Execution Vulnerability
41RISK
open ↗Exploit-DB
Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISK
open ↗Exploit-DB
Frigate NVR 0.16.3 - Remote Code Execution
Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
48RISK
open ↗Exploit-DB
Windows 11 25H2 - Heap Overflow
Windows Hyper-V Remote Code Execution Vulnerability
41RISK
open ↗Exploit-DB
SUSE Manager 4.3.15 - Code Execution
SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
53RISK
open ↗Exploit-DB
FUXA 1.2.8 - Authentication Bypass + RCE Exploit
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera
48RISK
open ↗Exploit-DB
Repetier-Server 1.4.10 - Path Traversal
Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
48RISK
open ↗Exploit-DB
Windows 11 23H2 - Denial of Service (DoS)
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
41RISK
open ↗Exploit-DB
NiceGUI 3.6.1 - Path Traversal
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
41RISK
open ↗Exploit-DB
HUSTOJ Zip-Slip v26.01.24 - RCE
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
63RISK
open ↗Exploit-DB
Js2Py 0.74 - RCE
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISK
open ↗Exploit-DB
JUNG Smart Visu Server 1.1.1050 - Dos
JUNG Smart Visu Server 1.1.1050 - 'JUNG Smart Visu Server' Missing Authentication
41RISK
open ↗Exploit-DB
Python-Multipart 0.0.22 - Path Traversal
Python-Multipart has Arbitrary File Write via Non-Default Configuration
41RISK
open ↗Exploit-DB
HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
41RISK
open ↗Exploit-DB
GeographicLib v2.5.1 - stack buffer overflow
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
41RISK
open ↗Exploit-DB
Atlona ATOMERX21 - Authenticated Command Injection
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary comm
33RISK
open ↗Exploit-DB
LangChain Core 1.2.4 - SSTI/RCE
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
53RISK
open ↗Exploit-DB
GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open ↗Exploit-DB
phpMyFAQ 4.0.16 - Improper Authorization
phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user
33RISK
open ↗Exploit-DB
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)
Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)
41RISK
open ↗Exploit-DB
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
Code Execution / Escalation of Privileges in ThrottleStop
41RISK
open ↗Exploit-DB
React Server 19.2.0 - Remote Code Execution
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗Exploit-DB
FortiWeb 8.0.2 - Remote Code Execution
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗Exploit-DB
Horilla v1.3 - RCE
Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
41RISK
open ↗Exploit-DB
7-Zip 24.00 - Directory Traversal
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open ↗Exploit-DB
Microsoft MMC MSC EvilTwin - Local Admin Creation
Microsoft Management Console Security Feature Bypass Vulnerability
83RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.