Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Trixbox 2.8.0.4 - 'lang' Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter
50RISK
open ↗Exploit-DB
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISK
open ↗Exploit-DB
WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
23RISK
open ↗Exploit-DB
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access
35RISK
open ↗Exploit-DB
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Exploit-DB
Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
28RISK
open ↗Exploit-DB
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)
23RISK
open ↗Exploit-DB
Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISK
open ↗Exploit-DB
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile
98RISK
open ↗Exploit-DB
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Exploit-DB
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
38RISK
open ↗Exploit-DB
Microsoft Exchange 2019 - Unauthenticated Email Download
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Exploit-DB
Subrion CMS 4.2.1 - Arbitrary File Upload
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, beca
50RISK
open ↗Exploit-DB
Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 throug
100RISK
open ↗Exploit-DB
IPFire 2.25 - Remote Code Execution (Authenticated)
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISK
open ↗Exploit-DB
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a paramete
46RISK
open ↗Exploit-DB
ZeroShell 3.9.0 - Remote Command Execution
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web ap
60RISK
open ↗Exploit-DB
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open ↗Exploit-DB
Firefox 72 IonMonkey - JIT Type Confusion
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are
83RISK
open ↗Exploit-DB
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to g
28RISK
open ↗Exploit-DB
b2evolution 7-2-2 - 'cf_name' SQL Injection
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive dat
23RISK
open ↗Exploit-DB
Piwigo 11.3.0 - 'language' SQL
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
28RISK
open ↗Exploit-DB
Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported vers
38RISK
open ↗Exploit-DB
GNU Wget < 1.18 - Arbitrary File Upload (2)
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
35RISK
open ↗Exploit-DB
Cacti 1.2.12 - 'filter' SQL Injection
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISK
open ↗Exploit-DB
Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
Cross-site scripting (XSS) from unsanitized uploaded SVG files
41RISK
open ↗Exploit-DB
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads
28RISK
open ↗Exploit-DB
DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
23RISK
open ↗Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
23RISK
open ↗Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Cont
23RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.