Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Saltstack 3000.1 - Remote Code Execution
CVE-2020-11652MEDIUMunder attack05 May 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open
Exploit-DB
Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)
CVE-2016-4437CRITICALunder attack01 May 2020
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RISK
open
Exploit-DB
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
CVE-2019-023501 May 2020
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.
35RISK
open
Exploit-DB
Druva inSync Windows Client 6.5.2 - Local Privilege Escalation
CVE-2019-399929 Apr 2020
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, u
38RISK
open
Exploit-DB
Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)
CVE-2019-15752HIGHunder attack28 Apr 2020
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
91RISK
open
Exploit-DB
Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
CVE-2020-1224227 Apr 2020
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in
23RISK
open
Exploit-DB
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
CVE-2020-2944HIGH21 Apr 2020
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported version
41RISK
open
Exploit-DB
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
CVE-2020-5847CRITICALunder attack20 Apr 2020
Unraid through 6.8.0 allows Remote Code Execution.
100RISK
open
Exploit-DB
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
CVE-2020-5849HIGHunder attack20 Apr 2020
Unraid 6.8.0 allows authentication bypass.
100RISK
open
Exploit-DB
Nexus Repository Manager - Java EL Injection RCE (Metasploit)
CVE-2020-10199HIGHunder attack17 Apr 2020
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
100RISK
open
Exploit-DB
Cisco IP Phone 11.7 - Denial of service (PoC)
CVE-2020-3161CRITICALunder attack17 Apr 2020
Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability
100RISK
open
Exploit-DB
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
CVE-2020-8644CRITICALunder attack16 Apr 2020
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RISK
open
Exploit-DB
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
CVE-2020-10882HIGH16 Apr 2020
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Arch
68RISK
open
Exploit-DB
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-15811HIGHunder attack16 Apr 2020
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
100RISK
open
Exploit-DB
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-18325HIGHunder attack16 Apr 2020
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RISK
open
Exploit-DB
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-1581216 Apr 2020
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expect
50RISK
open
Exploit-DB
VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
CVE-2020-3950HIGHunder attack16 Apr 2020
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for
86RISK
open
Exploit-DB
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
CVE-2020-10883MEDIUM16 Apr 2020
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware
48RISK
open
Exploit-DB
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
CVE-2019-17558HIGHunder attack16 Apr 2020
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISK
open
Exploit-DB
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
CVE-2018-20062CRITICALunder attack16 Apr 2020
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RISK
open
Exploit-DB
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2017-9822HIGHunder attackransomware16 Apr 2020
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RISK
open
Exploit-DB
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-1832616 Apr 2020
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expect
50RISK
open
Exploit-DB
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
CVE-2020-7961CRITICALunder attack16 Apr 2020
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISK
open
Exploit-DB
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
CVE-2020-10884HIGH16 Apr 2020
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer
61RISK
open
Exploit-DB
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
CVE-2019-9082HIGHunder attack16 Apr 2020
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISK
open
Exploit-DB
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
CVE-2020-2555CRITICALunder attack14 Apr 2020
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISK
open
Exploit-DB
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
CVE-2019-1638313 Apr 2020
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 a
23RISK
open
Exploit-DB
TVT NVMS 1000 - Directory Traversal
CVE-2019-20085HIGHunder attack13 Apr 2020
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RISK
open
Exploit-DB
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
CVE-2020-5735HIGHunder attack08 Apr 2020
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacke
83RISK
open
Exploit-DB
WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting
CVE-2019-18426HIGHunder attack06 Apr 2020
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.
83RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.