Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit0
Google Chrome 72 and 73 Array.map exploit
CVE-2019-5825MEDIUMunder attack07 Mar 2019
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISK
open
Metasploit400
Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution
CVE-2019-1663CRITICAL27 Feb 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Metasploit600
elFinder PHP Connector exiftran Command Injection
CVE-2019-919426 Feb 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open
Metasploit300
Drupal RESTful Web Services unserialize() RCE
CVE-2019-6340HIGHunder attack20 Feb 2019
Drupal core - Highly critical - Remote Code Execution
100RISK
open
Metasploit600
WordPress Crop-image Shell Upload
CVE-2019-894219 Feb 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISK
open
Metasploit600
WordPress Crop-image Shell Upload
CVE-2019-894319 Feb 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISK
open
Metasploit300
Total.js prior to 3.2.4 Directory Traversal
CVE-2019-890318 Feb 2019
index.js in Total.js Platform before 3.2.3 allows path traversal.
40RISK
open
Metasploit600
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
CVE-2018-20250HIGHunder attackransomware05 Feb 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open
Metasploit300
OpenMRS Java Deserialization RCE
CVE-2018-19276CRITICAL04 Feb 2019
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISK
open
Metasploit600
Schneider Electric Pelco Endura NET55XX Encoder
CVE-2019-681425 Jan 2019
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RISK
open
Metasploit300
Cisco RV320/RV326 Configuration Disclosure
CVE-2019-1653HIGHunder attack24 Jan 2019
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISK
open
Metasploit300
Microsoft Exchange Privilege Escalation Exploit
CVE-2019-072421 Jan 2019
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of
23RISK
open
Metasploit600
Webmin Upload Authenticated RCE
CVE-2019-962417 Jan 2019
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Dow
43RISK
open
Metasploit600
BMC Patrol Agent Privilege Escalation Cmd Execution
CVE-2018-2073517 Jan 2019
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for l
38RISK
open
Metasploit300
ES File Explorer Open Port
CVE-2019-644716 Jan 2019
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISK
open
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300108 Jan 2019
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RISK
open
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300508 Jan 2019
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
23RISK
open
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-1003029CRITICALunder attack08 Jan 2019
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
100RISK
open
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300208 Jan 2019
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RISK
open
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2018-1000861CRITICALunder attack08 Jan 2019
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RISK
open
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300008 Jan 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISK
open
Metasploit0
Docker Container Escape Via runC Overwrite
CVE-2019-573601 Jan 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RISK
open
Metasploit600
Mailcleaner Remote Code Execution
CVE-2018-2032319 Dec 2018
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitra
30RISK
open
Metasploit600
LibreNMS addhost Command Injection
CVE-2018-2043416 Dec 2018
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISK
open
Metasploit600
ThinkPHP Multiple PHP Injection RCEs
CVE-2019-9082HIGHunder attack10 Dec 2018
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISK
open
Metasploit600
ThinkPHP Multiple PHP Injection RCEs
CVE-2018-20062CRITICALunder attack10 Dec 2018
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RISK
open
Metasploit600
Cisco Prime Infrastructure Runrshell Privilege Escalation
CVE-2018-15439CRITICAL08 Dec 2018
Cisco Small Business Switches Privileged Access Vulnerability
55RISK
open
Metasploit500
Linux Nested User Namespace idmap Limit Local Privilege Escalation
CVE-2018-1895515 Nov 2018
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISK
open
Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
CVE-2018-1571014 Nov 2018
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISK
open
Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
CVE-2018-1570814 Nov 2018
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.