Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Mida eFramework 2.8.9 - Remote Code Execution
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE)
35RISK
open ↗Exploit-DB
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
23RISK
open ↗Exploit-DB
MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
23RISK
open ↗Exploit-DB
Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISK
open ↗Exploit-DB
BlackCat CMS 1.3.6 - Cross-Site Request Forgery
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote
23RISK
open ↗Exploit-DB
Mida eFramework 2.9.0 - Back Door Access
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restric
28RISK
open ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page ma
23RISK
open ↗Exploit-DB
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISK
open ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php woul
23RISK
open ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.
23RISK
open ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with th
23RISK
open ↗Exploit-DB
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
35RISK
open ↗Exploit-DB
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RISK
open ↗Exploit-DB
Piwigo 2.10.1 - Cross Site Scripting
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
28RISK
open ↗Exploit-DB
ThinkAdmin 6 - Arbitrarily File Read
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on
60RISK
open ↗Exploit-DB
ZTE Router F602W - Captcha Bypass
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could lo
23RISK
open ↗Exploit-DB
CuteNews 2.1.2 - Remote Code Execution
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RISK
open ↗Exploit-DB
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in
35RISK
open ↗Exploit-DB
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve
28RISK
open ↗Exploit-DB
Mida eFramework 2.9.0 - Remote Code Execution
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISK
open ↗Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RISK
open ↗Exploit-DB
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many
40RISK
open ↗Exploit-DB
Artica Proxy 4.3.0 - Authentication Bypass
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RISK
open ↗Exploit-DB
ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer
28RISK
open ↗Exploit-DB
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l
100RISK
open ↗Exploit-DB
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RISK
open ↗Exploit-DB
Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.
23RISK
open ↗Exploit-DB
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISK
open ↗Exploit-DB
pfSense 2.4.4-p3 - Cross-Site Request Forgery
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executi
35RISK
open ↗Exploit-DB
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.