Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0147HIGHunder attackransomware14 Mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
CVE-2017-0143HIGHunder attackransomware14 Mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0148HIGHunder attackransomware14 Mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0146HIGHunder attackransomware14 Mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0143HIGHunder attackransomware14 Mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
CVE-2017-0143HIGHunder attackransomware14 Mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Metasploit400
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
CVE-2017-1652414 Mar 2017
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u
50RISK
open
Metasploit400
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
CVE-2015-827914 Mar 2017
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un
30RISK
open
Metasploit300
DnaLIMS Directory Traversal
CVE-2017-652708 Mar 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal att
50RISK
open
Metasploit600
dnaLIMS Admin Module Command Execution
CVE-2017-652608 Mar 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution throug
50RISK
open
Metasploit600
Apache Struts Jakarta Multipart Parser OGNL Injection
CVE-2017-5638CRITICALunder attackransomware07 Mar 2017
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISK
open
Metasploit300
Easy File Sharing FTP Server 3.6 Directory Traversal
CVE-2017-651007 Mar 2017
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker t
23RISK
open
Metasploit300
FTPShell client 6.70 (Enterprise edition) Stack Buffer Overflow
CVE-2018-757304 Mar 2017
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with t
50RISK
open
Metasploit600
DC/OS Marathon UI Docker Exploit
CVE-2017-20198CRITICAL03 Mar 2017
DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
43RISK
open
Metasploit300
SysGauge 1.5.18 SMTP Validation Buffer Overflow
CVE-2017-641628 Feb 2017
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arb
23RISK
open
Metasploit600
Logsign Remote Command Injection
CVE-2024-5721HIGH26 Feb 2017
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
36RISK
open
Metasploit600
Netgear DGN2200 dnslookup.cgi Command Injection
CVE-2017-6334HIGHunder attack25 Feb 2017
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RISK
open
Metasploit300
Kodi 17.0 Local File Inclusion Vulnerability
CVE-2017-598212 Feb 2017
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files v
40RISK
open
Metasploit600
Piwik Superuser Plugin Upload
CVE-2025-34104CRITICAL05 Feb 2017
Piwik Authenticated RCE via Custom Plugin Upload
43RISK
open
Metasploit300
Postfixadmin Protected Alias Deletion Vulnerability
CVE-2017-593003 Feb 2017
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected al
23RISK
open
Metasploit300
WordPress REST API Content Injection
CVE-2017-100100001 Feb 2017
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in Wor
40RISK
open
Metasploit600
AlienVault OSSIM/USM Remote Code Execution
CVE-2016-858231 Jan 2017
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbit
50RISK
open
Metasploit600
Haraka SMTP Command Injection
CVE-2016-100028226 Jan 2017
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlie
23RISK
open
Metasploit600
Oracle Weblogic Server Deserialization RCE - RMI UnicastRef
CVE-2017-324825 Jan 2017
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISK
open
Metasploit300
Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE
CVE-2017-1151724 Jan 2017
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote at
43RISK
open
Metasploit300
Advantech WebAccess 8.1 Post Authentication Credential Collector
CVE-2016-581021 Jan 2017
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive
23RISK
open
Metasploit500
Cisco WebEx Chrome Extension RCE (CVE-2017-3823)
CVE-2017-382321 Jan 2017
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
23RISK
open
Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
CVE-2017-639815 Jan 2017
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user
30RISK
open
Metasploit400
Debian/Ubuntu ntfs-3g Local Privilege Escalation
CVE-2017-0358HIGH05 Jan 2017
ntfs-3g: Modprobe influence vulnerability via environment variables
56RISK
open
Metasploit600
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
CVE-2017-1837026 Dec 2016
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in t
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.