Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Roxy Fileman 1.4.5 - Directory Traversal
CVE-2019-1973116 Dec 2019
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary loc
28RISK
open
Exploit-DB
Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)
CVE-2019-6192MEDIUM12 Dec 2019
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a
33RISK
open
Exploit-DB
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
CVE-2019-147611 Dec 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
23RISK
open
Exploit-DB
Apache Olingo OData 4.0 - XML External Entity Injection
CVE-2019-1755411 Dec 2019
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resoluti
28RISK
open
Exploit-DB
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font
CVE-2019-1645111 Dec 2019
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier v
35RISK
open
Exploit-DB
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
CVE-2019-11708CRITICALunder attack07 Dec 2019
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result
90RISK
open
Exploit-DB
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
CVE-2019-981007 Dec 2019
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check
28RISK
open
Exploit-DB
Verot 2.0.3 - Remote Code Execution
CVE-2019-1957606 Dec 2019
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! an
28RISK
open
Exploit-DB
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
CVE-2019-1670206 Dec 2019
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs pa
28RISK
open
Exploit-DB
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
CVE-2019-1562706 Dec 2019
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, w
23RISK
open
Exploit-DB
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
CVE-2018-902205 Dec 2019
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
28RISK
open
Exploit-DB
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
CVE-2018-902105 Dec 2019
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
28RISK
open
Exploit-DB
Cisco WLC 2504 8.9 - Denial of Service (PoC)
CVE-2019-15276HIGH04 Dec 2019
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
53RISK
open
Exploit-DB
Revive Adserver 4.2 - Remote Code Execution
CVE-2019-543403 Dec 2019
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() cal
50RISK
open
Exploit-DB
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery
CVE-2019-1951603 Dec 2019
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a pa
23RISK
open
Exploit-DB
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
CVE-2019-1429HIGHunder attack22 Nov 2019
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open
Exploit-DB
GNU Mailutils 3.7 - Privilege Escalation
CVE-2019-1886221 Nov 2019
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
23RISK
open
Exploit-DB
Xorg X11 Server - Local Privilege Escalation (Metasploit)
CVE-2018-1466520 Nov 2019
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RISK
open
Exploit-DB
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
CVE-2019-15792HIGH20 Nov 2019
Type confusion in shiftfs
41RISK
open
Exploit-DB
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)
CVE-2019-11539HIGHunder attackransomware20 Nov 2019
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R
100RISK
open
Exploit-DB
Bludit - Directory Traversal Image File Upload (Metasploit)
CVE-2019-1611320 Nov 2019
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISK
open
Exploit-DB
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
CVE-2019-15791HIGH20 Nov 2019
Reference count underflow in shiftfs
41RISK
open
Exploit-DB
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
CVE-2019-1140920 Nov 2019
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerabili
60RISK
open
Exploit-DB
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
CVE-2019-15794HIGH20 Nov 2019
Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs
41RISK
open
Exploit-DB
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
CVE-2019-0708CRITICALunder attackransomware19 Nov 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISK
open
Exploit-DB
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
CVE-2019-1742418 Nov 2019
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows re
28RISK
open
Exploit-DB
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
CVE-2019-1675818 Nov 2019
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal tech
28RISK
open
Exploit-DB
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
CVE-2019-1405HIGHunder attackransomware14 Nov 2019
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RISK
open
Exploit-DB
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
CVE-2019-1322HIGHunder attackransomware14 Nov 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RISK
open
Exploit-DB
Xfilesharing 2.5.1 - Arbitrary File Upload
CVE-2019-1895114 Nov 2019
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
28RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.