Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,159cataloged exploits
31,683CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,128VulnCheck XDB 8,069Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
8,069 exploits
VulnCheck XDB
local
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open ↗VulnCheck XDB
initial-access
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RISK
open ↗VulnCheck XDB
infoleak
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the con
60RISK
open ↗VulnCheck XDB
infoleak
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open ↗VulnCheck XDB
local
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open ↗VulnCheck XDB
local
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
initial-access
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RISK
open ↗VulnCheck XDB
initial-access
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open ↗VulnCheck XDB
initial-access
WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover
63RISK
open ↗VulnCheck XDB
remote-with-credentials
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported vers
100RISK
open ↗VulnCheck XDB
local
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open ↗VulnCheck XDB
initial-access
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open ↗VulnCheck XDB
remote-with-credentials
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RISK
open ↗VulnCheck XDB
initial-access
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISK
open ↗VulnCheck XDB
remote-with-credentials
Windows Print Spooler Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
info-leak
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
75RISK
open ↗VulnCheck XDB
initial-access
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open ↗VulnCheck XDB
initial-access
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RISK
open ↗VulnCheck XDB
infoleak
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open ↗VulnCheck XDB
initial-access
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting bot
90RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
local
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.