Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensiti
23RISK
open ↗Exploit-DB
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote
28RISK
open ↗Exploit-DB
Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are
38RISK
open ↗Exploit-DB
Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The
43RISK
open ↗Exploit-DB
OpenEMR 5.0.0 - Remote Code Execution (Authenticated)
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code
28RISK
open ↗Exploit-DB
Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF)
Microsoft SharePoint Server Spoofing Vulnerability
41RISK
open ↗Exploit-DB
Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
23RISK
open ↗Exploit-DB
WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
Database Backups <= 1.2.2.6 - CSRF to Backup Download
23RISK
open ↗Exploit-DB
Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mecha
23RISK
open ↗Exploit-DB
WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo
85RISK
open ↗Exploit-DB
Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo
85RISK
open ↗Exploit-DB
Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open ↗Exploit-DB
Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated)
Twig allowing dangerous PHP functions by default
53RISK
open ↗Exploit-DB
IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISK
open ↗Exploit-DB
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but
28RISK
open ↗Exploit-DB
CHIYU IoT Devices - Denial of Service (DoS)
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including B
35RISK
open ↗Exploit-DB
CHIYU IoT Devices - 'Telnet' Authentication Bypass
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Tec
35RISK
open ↗Exploit-DB
FUDForum 3.1.0 - 'srch' Reflected XSS
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RISK
open ↗Exploit-DB
Seo Panel 4.8.0 - 'from_time' Reflected XSS
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and th
23RISK
open ↗Exploit-DB
4Images 1.8 - 'redirect' Reflected XSS
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to in
23RISK
open ↗Exploit-DB
FUDForum 3.1.0 - 'author' Reflected XSS
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RISK
open ↗Exploit-DB
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but th
100RISK
open ↗Exploit-DB
Products.PluggableAuthService 2.6.0 - Open Redirect
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
33RISK
open ↗Exploit-DB
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RISK
open ↗Exploit-DB
GetSimple CMS 3.3.4 - Information Disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<user
28RISK
open ↗Exploit-DB
Seo Panel 4.8.0 - 'category' Reflected XSS
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and
23RISK
open ↗Exploit-DB
Seo Panel 4.8.0 - 'search_name' Reflected XSS
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and t
23RISK
open ↗Exploit-DB
LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
60RISK
open ↗Exploit-DB
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.