Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Klog Server 2.4.1 - Command Injection (Unauthenticated)
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open ↗Exploit-DB
Wordpress Core 5.2.2 - 'post previews' XSS
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
23RISK
open ↗Exploit-DB
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the A
33RISK
open ↗Exploit-DB
Subrion CMS 4.2.1 - 'avatar[path]' XSS
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the
23RISK
open ↗Exploit-DB
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=.
43RISK
open ↗Exploit-DB
GitLab 11.4.7 - RCE (Authenticated) (2)
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection
28RISK
open ↗Exploit-DB
GitLab 11.4.7 - RCE (Authenticated) (2)
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an
28RISK
open ↗Exploit-DB
Spiceworks 7.5 - HTTP Header Injection
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious we
23RISK
open ↗Exploit-DB
SCO Openserver 5.0.7 - 'section' Reflected XSS
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote at
38RISK
open ↗Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table &
23RISK
open ↗Exploit-DB
SCO Openserver 5.0.7 - 'outputform' Command Injection
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in ou
35RISK
open ↗Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Tab
23RISK
open ↗Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Cha
23RISK
open ↗Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table
23RISK
open ↗Exploit-DB
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
23RISK
open ↗Exploit-DB
Nxlog Community Edition 2.10.2150 - DoS (Poc)
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of
23RISK
open ↗Exploit-DB
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISK
open ↗Exploit-DB
Solaris SunSSH 11.0 x86 - libpam Remote Root
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISK
open ↗Exploit-DB
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection
28RISK
open ↗Exploit-DB
Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via '
23RISK
open ↗Exploit-DB
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an
28RISK
open ↗Exploit-DB
Jenkins 2.235.3 - 'Description' Stored XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in
45RISK
open ↗Exploit-DB
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a sto
23RISK
open ↗Exploit-DB
Rukovoditel 2.6.1 - RCE (1)
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve
28RISK
open ↗Exploit-DB
SmarterMail Build 6985 - Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISK
open ↗Exploit-DB
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RISK
open ↗Exploit-DB
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a
28RISK
open ↗Exploit-DB
Chromium 83 - Full CSP Bypass
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy
28RISK
open ↗Exploit-DB
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a
28RISK
open ↗Exploit-DB
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make
43RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.