Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
CVE-2018-17463HIGHunder attack09 Mar 2020
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RISK
open
Exploit-DB
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
CVE-2020-6418HIGHunder attack09 Mar 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corru
100RISK
open
Exploit-DB
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
CVE-2019-5825MEDIUMunder attack09 Mar 2020
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISK
open
Exploit-DB
PHP-FPM - Underflow Remote Code Execution (Metasploit)
CVE-2019-11043HIGHunder attackransomware09 Mar 2020
Underflow in PHP-FPM can lead to RCE
100RISK
open
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-865605 Mar 2020
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RISK
open
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-865405 Mar 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISK
open
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-8657CRITICALunder attack05 Mar 2020
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISK
open
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-8655HIGHunder attack05 Mar 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISK
open
Exploit-DB
Exchange Control Panel - Viewstate Deserialization (Metasploit)
CVE-2020-0688HIGHunder attackransomware05 Mar 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISK
open
Exploit-DB
Microsoft Windows - 'WizardOpium' Local Privilege Escalation
CVE-2019-1458HIGHunder attackransomware03 Mar 2020
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISK
open
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877603 Mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a
23RISK
open
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877703 Mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo,
23RISK
open
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877803 Mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document,
23RISK
open
Exploit-DB
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
CVE-2020-861502 Mar 2020
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves a
38RISK
open
Exploit-DB
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
CVE-2019-1914202 Mar 2020
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmwa
23RISK
open
Exploit-DB
Joplin Desktop 1.0.184 - Cross-Site Scripting
CVE-2020-903802 Mar 2020
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
23RISK
open
Exploit-DB
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CVE-2020-801202 Mar 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RISK
open
Exploit-DB
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
CVE-2019-1914302 Mar 2020
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi
23RISK
open
Exploit-DB
TP LINK TL-WR849N - Remote Code Execution
CVE-2020-937402 Mar 2020
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploit
35RISK
open
Exploit-DB
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CVE-2020-0688HIGHunder attackransomware02 Mar 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISK
open
Exploit-DB
qdPM < 9.1 - Remote Code Execution
CVE-2020-724628 Feb 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISK
open
Exploit-DB
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
CVE-2020-879426 Feb 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISK
open
Exploit-DB
Go SSH servers 0.0.2 - Denial of Service (PoC)
CVE-2020-928324 Feb 2020
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the
28RISK
open
Exploit-DB
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
CVE-2019-1977424 Feb 2020
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetai
28RISK
open
Exploit-DB
Android Binder - Use-After-Free (Metasploit)
CVE-2019-2215HIGHunder attack24 Feb 2020
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISK
open
Exploit-DB
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
CVE-2015-761124 Feb 2020
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RISK
open
Exploit-DB
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
CVE-2019-7004MEDIUM24 Feb 2020
Avaya IP Office XSS Vulnerability
33RISK
open
Exploit-DB
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
CVE-2020-1938CRITICALunder attack20 Feb 2020
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
Exploit-DB
Anviz CrossChex - Buffer Overflow (Metasploit)
CVE-2019-1251817 Feb 2020
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RISK
open
Exploit-DB
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
CVE-2020-0683HIGHunder attack17 Feb 2020
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W
71RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.