Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
CVE-2019-19781CRITICALunder attackransomware16 Jan 2020
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open
Exploit-DB
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
CVE-2019-2020416 Jan 2020
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginn
23RISK
open
Exploit-DB
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
CVE-2020-209616 Jan 2020
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a ref
60RISK
open
Exploit-DB
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
CVE-2020-0601HIGHunder attack15 Jan 2020
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
93RISK
open
Exploit-DB
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
CVE-2019-3929CRITICALunder attack15 Jan 2020
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RISK
open
Exploit-DB
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
CVE-2019-19781CRITICALunder attackransomware13 Jan 2020
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open
Exploit-DB
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
CVE-2019-1885913 Jan 2020
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
23RISK
open
Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
CVE-2019-1978MEDIUM11 Jan 2020
Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability
33RISK
open
Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
CVE-2019-19781CRITICALunder attackransomware11 Jan 2020
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open
Exploit-DB
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
CVE-2020-6756CRITICAL10 Jan 2020
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to re
53RISK
open
Exploit-DB
TotalAV 2020 4.14.31 - Privilege Escalation
CVE-2019-1819410 Jan 2020
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junctio
23RISK
open
Exploit-DB
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
CVE-2019-2729CRITICAL09 Jan 2020
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
85RISK
open
Exploit-DB
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
CVE-2017-362308 Jan 2020
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported ve
28RISK
open
Exploit-DB
JetBrains TeamCity 2018.2.4 - Remote Code Execution
CVE-2019-1503908 Jan 2020
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in
28RISK
open
Exploit-DB
Cisco DCNM JBoss 10.4 - Credential Leakage
CVE-2019-15999MEDIUM08 Jan 2020
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
33RISK
open
Exploit-DB
piSignage 2.6.4 - Directory Traversal
CVE-2019-2035407 Jan 2020
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user)
23RISK
open
Exploit-DB
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)
CVE-2019-1215HIGHunder attackransomware07 Jan 2020
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Win
76RISK
open
Exploit-DB
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
CVE-2019-1184MEDIUM02 Jan 2020
Windows Elevation of Privilege Vulnerability
55RISK
open
Exploit-DB
nostromo 1.9.6 - Remote Code Execution
CVE-2019-16278CRITICALunder attack01 Jan 2020
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISK
open
Exploit-DB
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
CVE-2018-438631 Dec 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iO
23RISK
open
Exploit-DB
FreeBSD-SA-19:02.fd - Privilege Escalation
CVE-2019-559630 Dec 2019
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEAS
23RISK
open
Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)
CVE-2019-1322HIGHunder attackransomware30 Dec 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RISK
open
Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)
CVE-2019-1405HIGHunder attackransomware30 Dec 2019
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RISK
open
Exploit-DB
OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
CVE-2019-1972630 Dec 2019
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RISK
open
Exploit-DB
Django < 3.0 < 2.2 < 1.11 - Account Hijack
CVE-2019-1984424 Dec 2019
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address
35RISK
open
Exploit-DB
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
CVE-2019-1936818 Dec 2019
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker ca
43RISK
open
Exploit-DB
OpenMRS - Java Deserialization RCE (Metasploit)
CVE-2018-19276CRITICAL18 Dec 2019
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISK
open
Exploit-DB
Telerik UI - Remote Code Execution via Insecure Deserialization
CVE-2019-18935CRITICALunder attackransomware18 Dec 2019
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISK
open
Exploit-DB
OpenBSD 6.x - Dynamic Loader Privilege Escalation
CVE-2019-1972616 Dec 2019
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RISK
open
Exploit-DB
Roxy Fileman 1.4.5 - Directory Traversal
CVE-2019-1973116 Dec 2019
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary loc
28RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.