Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RISK
open ↗Exploit-DB
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISK
open ↗Exploit-DB
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A rem
23RISK
open ↗Exploit-DB
SharePoint Workflows - XOML Injection (Metasploit)
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.N
100RISK
open ↗Exploit-DB
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open ↗Exploit-DB
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow
100RISK
open ↗Exploit-DB
TP-Link Archer C50 3 - Denial of Service (PoC)
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a
28RISK
open ↗Exploit-DB
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only secur
23RISK
open ↗Exploit-DB
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.
23RISK
open ↗Exploit-DB
UCM6202 1.0.18.13 - Remote Command Injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISK
open ↗Exploit-DB
UliCMS 2020.1 - Persistent Cross-Site Scripting
UliCMS before 2020.2 has PageController stored XSS.
23RISK
open ↗Exploit-DB
VMware Fusion 11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for
86RISK
open ↗Exploit-DB
Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal
23RISK
open ↗Exploit-DB
ManageEngine Desktop Central - Java Deserialization (Metasploit)
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted d
100RISK
open ↗Exploit-DB
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RISK
open ↗Exploit-DB
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISK
open ↗Exploit-DB
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open ↗Exploit-DB
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php
23RISK
open ↗Exploit-DB
rConfig 3.9 - 'searchColumn' SQL Injection
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISK
open ↗Exploit-DB
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands vi
83RISK
open ↗Exploit-DB
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or
23RISK
open ↗Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmai
33RISK
open ↗Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webma
33RISK
open ↗Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webma
33RISK
open ↗Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmai
33RISK
open ↗Exploit-DB
Joomla! 3.9.0 < 3.9.7 - CSV Injection
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
28RISK
open ↗Exploit-DB
Nagios XI - Authenticated Remote Command Execution (Metasploit)
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RISK
open ↗Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execu
60RISK
open ↗Exploit-DB
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISK
open ↗Exploit-DB
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.