Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
8,069 exploits
VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗VulnCheck XDB
initial-access
MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
33RISK
open ↗VulnCheck XDB
denial-of-service
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISK
open ↗VulnCheck XDB
initial-access
Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root
53RISK
open ↗VulnCheck XDB
client-side
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗VulnCheck XDB
remote-with-credentials
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISK
open ↗VulnCheck XDB
initial-access
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF
90RISK
open ↗VulnCheck XDB
initial-access
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0
100RISK
open ↗VulnCheck XDB
local
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISK
open ↗VulnCheck XDB
remote-with-credentials
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open ↗VulnCheck XDB
client-side
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗VulnCheck XDB
initial-access
MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
63RISK
open ↗VulnCheck XDB
initial-access
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RISK
open ↗VulnCheck XDB
remote-with-credentials
Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
75RISK
open ↗VulnCheck XDB
remote-with-credentials
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera
48RISK
open ↗VulnCheck XDB
local
Windows Common Log File System Driver Elevation of Privilege Vulnerability
46RISK
open ↗VulnCheck XDB
info-leak
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open ↗VulnCheck XDB
remote-with-credentials
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISK
open ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗VulnCheck XDB
local
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗VulnCheck XDB
denial-of-service
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISK
open ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.