Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Path Traversal in Oracle GlassFish Server Open Source Edition
CVE-2017-100002808 Aug 2015
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RISK
open
Metasploit300
PCMAN FTP Server Buffer Overflow - PUT Command
CVE-2013-473007 Aug 2015
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USE
50RISK
open
Metasploit600
Hak5 WiFi Pineapple Preconfiguration Command Injection
CVE-2015-462401 Aug 2015
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
50RISK
open
Metasploit600
Hak5 WiFi Pineapple Preconfiguration Command Injection
CVE-2015-462401 Aug 2015
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
50RISK
open
Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
CVE-2015-148631 Jul 2015
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers t
50RISK
open
Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
CVE-2015-148731 Jul 2015
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticat
50RISK
open
Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
CVE-2015-148931 Jul 2015
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticat
43RISK
open
Metasploit300
Heroes of Might and Magic III .h3m Map file Buffer Overflow
CVE-2025-34124HIGH29 Jul 2015
Heroes of Might and Magic III .h3m Map File Buffer Overflow
36RISK
open
Metasploit300
BIND TKEY Query Denial of Service
CVE-2015-547728 Jul 2015
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open
Metasploit300
Moxa Device Credential Retrieval
CVE-2016-9361CRITICAL28 Jul 2015
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 52
48RISK
open
Metasploit500
Libuser roothelper Privilege Escalation
CVE-2015-324624 Jul 2015
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly mod
38RISK
open
Metasploit500
Libuser roothelper Privilege Escalation
CVE-2015-324524 Jul 2015
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in t
38RISK
open
Metasploit500
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
CVE-2015-376021 Jul 2015
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to g
18RISK
open
Metasploit0
ManageEngine EventLog Analyzer Remote Code Execution
CVE-2015-738711 Jul 2015
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RISK
open
Metasploit0
MS15-078 Microsoft Windows Font Driver Buffer Overflow
CVE-2015-2426HIGHunder attack11 Jul 2015
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2
100RISK
open
Metasploit0
MS15-078 Microsoft Windows Font Driver Buffer Overflow
CVE-2015-243311 Jul 2015
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Wi
43RISK
open
Metasploit600
Accellion FTA getStatus verify_oauth_token Command Execution
CVE-2015-285710 Jul 2015
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RISK
open
Metasploit300
Accellion FTA 'statecode' Cookie Arbitrary File Read
CVE-2015-285610 Jul 2015
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices
30RISK
open
Metasploit600
X11 Keyboard Command Injection
CVE-1999-052610 Jul 2015
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
23RISK
open
Metasploit500
Western Digital Arkeia Remote Code Execution
CVE-2015-770910 Jul 2015
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to b
60RISK
open
Metasploit300
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
CVE-2015-179309 Jul 2015
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
50RISK
open
Metasploit500
Adobe Flash Player ByteArray Use After Free
CVE-2015-5119HIGHunder attack06 Jul 2015
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.
100RISK
open
Metasploit500
Adobe Flash opaqueBackground Use After Free
CVE-2015-5122HIGHunder attack06 Jul 2015
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
100RISK
open
Metasploit500
Apple OS X Entitlements Rootpipe Privilege Escalation
CVE-2015-367301 Jul 2015
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allow
38RISK
open
Metasploit600
Watchguard XCS Remote Command Execution
CVE-2015-545329 Jun 2015
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell
50RISK
open
Metasploit400
Pallete Projects Werkzeug Debugger Remote Code Execution
CVE-2024-34069HIGH28 Jun 2015
Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
36RISK
open
Metasploit600
Endian Firewall Proxy Password Change Command Injection
CVE-2015-508228 Jun 2015
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW
50RISK
open
Metasploit500
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
CVE-2015-3113HIGHunder attack23 Jun 2015
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows an
100RISK
open
Metasploit500
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
CVE-2015-3043HIGHunder attack23 Jun 2015
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
100RISK
open
Metasploit600
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
CVE-2015-322416 Jun 2015
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.