Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISK
open
Referência
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISK
open
Referência
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISK
open
Referência
XOOPS Module horoscope 2.0 - Remote File Inclusion
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to e
45RISK
open
Referência
CVE-2016-3718
CVE-2016-3718MEDIUMunder attack
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct
85RISK
open
Referência
aiohttp 3.9.1 - directory traversal PoC
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
70RISK
open
Referência
CVE-2018-15133
CVE-2018-15133HIGHunder attack
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RISK
open
Referência
CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot
70RISK
open
Referência
CVE-2017-9101
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RISK
open
Referência
CVE-2017-9101
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RISK
open
Referência
TikiWiki 1.9.8 - Remote PHP Injection
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f ar
60RISK
open
Referência
CVE-2018-8065
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISK
open
Referência
CVE-2019-15978
Cisco Data Center Network Manager Command Injection Vulnerabilities
53RISK
open
Referência
CVE-2018-9160
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
60RISK
open
Referência
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
60RISK
open
Referência
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
60RISK
open
Referência
CVE-2018-12710
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (whi
45RISK
open
Referência
CVE-2010-2156
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit)
60RISK
open
Referência
CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISK
open
Referência
CVE-2014-3791
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code
60RISK
open
Referência
CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE
85RISK
open
Referência
CVE-2013-5486
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager
60RISK
open
Referência
CVE-2019-1003030
CVE-2019-1003030CRITICALunder attack
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
100RISK
open
Referência
CVE-2023-32243
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
85RISK
open
Referência
Microsoft Internet Explorer 6/7 - XML Core Services Remote Code Execution (1)
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML
60RISK
open
Referência
CVE-2015-0016
CVE-2015-0016HIGHunder attack
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISK
open
Referência
CVE-2015-0016
CVE-2015-0016HIGHunder attack
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISK
open
Referência
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RISK
open
Referência
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RISK
open
Referência
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.