Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,163cataloged exploits
31,687CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
CVE-2019-1690230 Sep 2019
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an
23RISK
open
Exploit-DB
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
CVE-2019-126225 Sep 2019
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a speciall
23RISK
open
Exploit-DB
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
CVE-2019-548525 Sep 2019
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be inje
35RISK
open
Exploit-DB
ABRT - sosreport Privilege Escalation (Metasploit)
CVE-2015-528725 Sep 2019
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain perm
38RISK
open
Exploit-DB
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
CVE-2019-864124 Sep 2019
An out-of-bounds read was addressed with improved input validation.
28RISK
open
Exploit-DB
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
CVE-2019-1670124 Sep 2019
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_ph
28RISK
open
Exploit-DB
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
CVE-2019-0708CRITICALunder attackransomware24 Sep 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISK
open
Exploit-DB
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
CVE-2019-8605HIGHunder attack23 Sep 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RISK
open
Exploit-DB
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
CVE-2019-16759CRITICALunder attack23 Sep 2019
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISK
open
Exploit-DB
Gila CMS < 1.11.1 - Local File Inclusion
CVE-2019-1667923 Sep 2019
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
23RISK
open
Exploit-DB
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure
CVE-2019-539223 Sep 2019
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than ve
23RISK
open
Exploit-DB
LayerBB < 1.1.4 - Cross-Site Request Forgery
CVE-2019-1653120 Sep 2019
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
23RISK
open
Exploit-DB
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
CVE-2019-1639919 Sep 2019
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to acce
23RISK
open
Exploit-DB
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
CVE-2019-1594318 Sep 2019
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or de
23RISK
open
Exploit-DB
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
CVE-2016-1025816 Sep 2019
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A
23RISK
open
Exploit-DB
AppXSvc - Privilege Escalation
CVE-2019-1253HIGHunder attackransomware16 Sep 2019
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To e
76RISK
open
Exploit-DB
Notepad++ < 7.7 (x64) - Denial of Service
CVE-2019-1629416 Sep 2019
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode ch
23RISK
open
Exploit-DB
Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
CVE-2019-1619713 Sep 2019
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document
23RISK
open
Exploit-DB
LimeSurvey 3.17.13 - Cross-Site Scripting
CVE-2019-1617213 Sep 2019
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, Su
23RISK
open
Exploit-DB
LimeSurvey 3.17.13 - Cross-Site Scripting
CVE-2019-1617313 Sep 2019
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example,
23RISK
open
Exploit-DB
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
CVE-2019-124412 Sep 2019
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'Di
28RISK
open
Exploit-DB
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
CVE-2019-124512 Sep 2019
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'Di
28RISK
open
Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
CVE-2019-1611710 Sep 2019
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admi
23RISK
open
Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
CVE-2019-1611810 Sep 2019
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admi
23RISK
open
Exploit-DB
LibreNMS - Collectd Command Injection (Metasploit)
CVE-2019-1066910 Sep 2019
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/dev
60RISK
open
Exploit-DB
October CMS - Upload Protection Bypass Code Execution (Metasploit)
CVE-2017-100011910 Sep 2019
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISK
open
Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
CVE-2019-1611910 Sep 2019
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/control
28RISK
open
Exploit-DB
Enigma NMS 65.0.0 - SQL Injection
CVE-2019-1606509 Sep 2019
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows a
23RISK
open
Exploit-DB
Enigma NMS 65.0.0 - OS Command Injection
CVE-2019-1607209 Sep 2019
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows
43RISK
open
Exploit-DB
FusionPBX 4.4.8 - Remote Code Execution
CVE-2019-1502906 Sep 2019
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service
28RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.