Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Joomla com_contenthistory Error-Based SQL Injection
CVE-2015-729722 Oct 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RISK
open
Metasploit0
Safari User-Assisted Applescript Exec Attack
CVE-2015-700716 Oct 2015
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement f
50RISK
open
Metasploit300
Limesurvey Unauthenticated File Download
CVE-2025-34120HIGH12 Oct 2015
LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload
36RISK
open
Metasploit600
Wordpress Ajax Load More PHP Upload Vulnerability
CVE-2015-10140HIGH10 Oct 2015
Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion
36RISK
open
Metasploit300
ManageEngine ServiceDesk Plus Path Traversal
CVE-2011-275703 Oct 2015
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remot
50RISK
open
Metasploit300
PDF Shaper Buffer Overflow
CVE-2025-34106HIGH03 Oct 2015
PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
36RISK
open
Metasploit300
Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write
CVE-2015-761101 Oct 2015
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RISK
open
Metasploit300
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
CVE-2015-588901 Oct 2015
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors inv
38RISK
open
Metasploit300
BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
CVE-2015-760228 Sep 2015
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RISK
open
Metasploit600
Vtiger CRM - Authenticated Logo Upload RCE
CVE-2016-171328 Sep 2015
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger
43RISK
open
Metasploit300
PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
CVE-2015-760128 Sep 2015
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RISK
open
Metasploit600
Vtiger CRM - Authenticated Logo Upload RCE
CVE-2015-600028 Sep 2015
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger
50RISK
open
Metasploit600
Kaseya VSA uploader.aspx Arbitrary File Upload
CVE-2015-692223 Sep 2015
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RISK
open
Metasploit300
Kaseya VSA Master Administrator Account Creation
CVE-2015-692223 Sep 2015
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RISK
open
Metasploit300
Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
CVE-2015-760322 Sep 2015
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via
50RISK
open
Metasploit0
ManageEngine OpManager Remote Code Execution
CVE-2015-776614 Sep 2015
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL q
60RISK
open
Metasploit0
ManageEngine OpManager Remote Code Execution
CVE-2015-776514 Sep 2015
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser a
50RISK
open
Metasploit600
MS15-100 Microsoft Windows Media Center MCL Vulnerability
CVE-2015-250908 Sep 2015
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remo
60RISK
open
Metasploit600
F5 iControl iCall::Script Root Command Execution
CVE-2015-362803 Sep 2015
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.
50RISK
open
Metasploit600
Nibbleblog File Upload Vulnerability
CVE-2015-696701 Sep 2015
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to
50RISK
open
Metasploit300
Boxoft WAV to MP3 Converter v1.1 Buffer Overflow
CVE-2015-724331 Aug 2015
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISK
open
Metasploit600
phpFileManager 0.9.8 Remote Code Execution
CVE-2015-595828 Aug 2015
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
23RISK
open
Metasploit600
WordPress Responsive Thumbnail Slider Arbitrary File Upload
CVE-2015-10144HIGH28 Aug 2015
Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
36RISK
open
Metasploit300
Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow
CVE-2015-776823 Aug 2015
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD comma
50RISK
open
Metasploit600
MVPower DVR Shell Unauthenticated Command Execution
CVE-2016-20016CRITICAL23 Aug 2015
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /
85RISK
open
Metasploit600
ManageEngine ServiceDesk Plus Arbitrary File Upload
CVE-2019-8394HIGHunder attack20 Aug 2015
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via l
98RISK
open
Metasploit600
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
CVE-2015-183019 Aug 2015
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5
60RISK
open
Metasploit300
WordPress Symposium Plugin SQL Injection
CVE-2015-652218 Aug 2015
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbi
60RISK
open
Metasploit600
CMS Bolt File Upload Vulnerability
CVE-2015-730917 Aug 2015
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authent
50RISK
open
Metasploit300
Android Stagefright MP4 tx3g Integer Overflow
CVE-2015-386413 Aug 2015
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.