Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3132922 Apr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
23RISK
open
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003922 Apr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
23RISK
open
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003422 Apr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
23RISK
open
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3004222 Apr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Cont
23RISK
open
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003022 Apr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
23RISK
open
Exploit-DB
RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
CVE-2021-3004421 Apr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
23RISK
open
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)
CVE-2021-2567921 Apr 2021
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. T
23RISK
open
Exploit-DB
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
CVE-2021-3115221 Apr 2021
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can ena
23RISK
open
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
CVE-2021-2568121 Apr 2021
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. T
28RISK
open
Exploit-DB
GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)
CVE-2021-21425CRITICAL21 Apr 2021
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISK
open
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)
CVE-2021-2568021 Apr 2021
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These
23RISK
open
Exploit-DB
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
CVE-2020-1550015 Apr 2021
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected u
43RISK
open
Exploit-DB
Horde Groupware Webmail 5.2.22 - Stored XSS
CVE-2021-2692915 Apr 2021
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library befor
23RISK
open
Exploit-DB
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
CVE-2021-3063715 Apr 2021
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
23RISK
open
Exploit-DB
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
CVE-2021-2900314 Apr 2021
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacter
35RISK
open
Exploit-DB
MariaDB 10.2 - 'wsrep_provider' OS Command Execution
CVE-2021-2792814 Apr 2021
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, a
35RISK
open
Exploit-DB
jQuery 1.0.3 - Cross-Site Scripting (XSS)
CVE-2020-11023MEDIUMunder attack14 Apr 2021
Potential XSS vulnerability in jQuery
85RISK
open
Exploit-DB
jQuery 1.2 - Cross-Site Scripting (XSS)
CVE-2020-11022MEDIUM14 Apr 2021
jQuery has a potential XSS vulnerability
55RISK
open
Exploit-DB
CITSmart ITSM 9.1.2.22 - LDAP Injection
CVE-2020-3577514 Apr 2021
CITSmart before 9.1.2.23 allows LDAP Injection.
28RISK
open
Exploit-DB
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
CVE-2021-2814214 Apr 2021
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
23RISK
open
Exploit-DB
ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
CVE-2020-2923813 Apr 2021
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensi
28RISK
open
Exploit-DB
vsftpd 2.3.4 - Backdoor Command Execution
CVE-2011-252312 Apr 2021
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
Exploit-DB
PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
CVE-2020-1516009 Apr 2021
Blind SQL Injection in PrestaShop
28RISK
open
Exploit-DB
Composr 10.0.36 - Remote Code Execution
CVE-2021-3014908 Apr 2021
Composr 10.0.36 allows upload and execution of PHP files.
28RISK
open
Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CVE-2020-1235108 Apr 2021
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via a
23RISK
open
Exploit-DB
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
CVE-2021-3014708 Apr 2021
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
23RISK
open
Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CVE-2020-1235208 Apr 2021
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adja
23RISK
open
Exploit-DB
Composr CMS 10.0.36 - Cross Site Scripting
CVE-2021-3015007 Apr 2021
Composr 10.0.36 allows XSS in an XML script.
23RISK
open
Exploit-DB
Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
CVE-2020-5377CRITICAL07 Apr 2021
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities.
60RISK
open
Exploit-DB
Google Chrome 86.0.4240 V8 - Remote Code Execution
CVE-2020-1604006 Apr 2021
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.