Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,841 exploits
Referência
CVE-2017-14147
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to ea
35RISK
open
Referência
CVE-2017-14147
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to ea
35RISK
open
Referência
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which al
50RISK
open
Referência
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which al
50RISK
open
Referência
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which al
50RISK
open
Referência
CVE-2011-3175
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allo
50RISK
open
Referência
CVE-2018-0860
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remot
35RISK
open
Referência
CVE-2018-0837
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remot
35RISK
open
Referência
CVE-2018-0835
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remot
35RISK
open
Referência
CVE-2018-0838
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remot
35RISK
open
Referência
CVE-2018-6328
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, w
50RISK
open
Referência
CVE-2018-6328
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, w
50RISK
open
Referência
CVE-2009-4988
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote atta
50RISK
open
Referência
CVE-2018-0767
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain info
35RISK
open
Referência
CVE-2017-11911
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code i
35RISK
open
Referência
CVE-2017-11909
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code i
35RISK
open
Referência
CVE-2017-11811
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker
35RISK
open
Referência
Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before
50RISK
open
Referência
CVE-2012-3399
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the
50RISK
open
Referência
CVE-2011-3322
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows
50RISK
open
Referência
CVE-2024-3272
CVE-2024-3272CRITICALunder attack
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials
100RISK
open
Referência
TFTP Server for Windows 1.4 - ST Remote BSS Overflow
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execut
50RISK
open
Referência
CVE-2018-7297
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers
35RISK
open
Referência
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch funct
35RISK
open
Referência
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch funct
35RISK
open
Referência
CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, beca
50RISK
open
Referência
CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, beca
50RISK
open
Referência
CVE-2019-0211
CVE-2019-0211HIGHunder attack
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open
Referência
CVE-2019-0211
CVE-2019-0211HIGHunder attack
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open
Referência
CVE-2019-0211
CVE-2019-0211HIGHunder attack
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.