Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,171cataloged exploits
31,690CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,069Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
FusionPBX 4.4.8 - Remote Code Execution
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service
28RISK
open ↗Exploit-DB
AwindInc SNMP Service - Command Injection (Metasploit)
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RISK
open ↗Exploit-DB
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devic
23RISK
open ↗Exploit-DB
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by t
53RISK
open ↗Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RISK
open ↗Exploit-DB
ktsuss 1.4 - suid Privilege Escalation (Metasploit)
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified com
60RISK
open ↗Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco Data Center Network Manager Information Disclosure Vulnerability
70RISK
open ↗Exploit-DB
Cisco UCS Director - default scpuser password (Metasploit)
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISK
open ↗Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISK
open ↗Exploit-DB
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open ↗Exploit-DB
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
23RISK
open ↗Exploit-DB
Craft CMS 2.7.9/3.2.5 - Information Disclosure
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images whe
23RISK
open ↗Exploit-DB
Alkacon OpenCMS 10.5.x - Local File inclusion
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an atta
23RISK
open ↗Exploit-DB
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
23RISK
open ↗Exploit-DB
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the man
23RISK
open ↗Exploit-DB
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to
23RISK
open ↗Exploit-DB
Asus Precision TouchPad 11.0.0.25 - Denial of Service
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP devic
28RISK
open ↗Exploit-DB
Canon PRINT 2.5.5 - Information Disclosure
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly res
23RISK
open ↗Exploit-DB
DomainMod 4.13 - Cross-Site Scripting
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
38RISK
open ↗Exploit-DB
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
28RISK
open ↗Exploit-DB
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is
28RISK
open ↗Exploit-DB
Tableau - XML External Entity
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to informat
46RISK
open ↗Exploit-DB
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in
23RISK
open ↗Exploit-DB
Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open ↗Exploit-DB
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
23RISK
open ↗Exploit-DB
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS Elevation of Privilege Vulnerability
41RISK
open ↗Exploit-DB
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow
43RISK
open ↗Exploit-DB
LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)
LibreLogo global-event script execution
60RISK
open ↗Exploit-DB
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RISK
open ↗Exploit-DB
QEMU - Denial of Service
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a cas
28RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.