Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,166cataloged exploits
31,689CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,135VulnCheck XDB 8,069Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
8,069 exploits
VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open ↗VulnCheck XDB
remote-with-credentials
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
infoleak
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
initial-access
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open ↗VulnCheck XDB
initial-access
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗VulnCheck XDB
client-side
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, wa
41RISK
open ↗VulnCheck XDB
initial-access
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗VulnCheck XDB
remote-with-credentials
XWiki Platform: Remote code execution as guest via DatabaseSearch
75RISK
open ↗VulnCheck XDB
initial-access
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell
100RISK
open ↗VulnCheck XDB
initial-access
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
100RISK
open ↗VulnCheck XDB
infoleak
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experi
60RISK
open ↗VulnCheck XDB
initial-access
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RISK
open ↗VulnCheck XDB
client-side
Git allows arbitrary code execution through broken config quoting
71RISK
open ↗VulnCheck XDB
client-side
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitra
76RISK
open ↗VulnCheck XDB
infoleak
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
85RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.