Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
CVE-2018-0296HIGHunder attack12 Aug 2019
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RISK
open
Exploit-DB
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
CVE-2019-1480412 Aug 2019
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template
23RISK
open
Exploit-DB
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
CVE-2019-1225512 Aug 2019
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RISK
open
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
CVE-2019-1493112 Aug 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RISK
open
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
CVE-2019-1492712 Aug 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RISK
open
Exploit-DB
Adive Framework 2.0.7 - Cross-Site Request Forgery
CVE-2019-1434608 Aug 2019
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
23RISK
open
Exploit-DB
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
CVE-2019-1469608 Aug 2019
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
43RISK
open
Exploit-DB
Aptana Jaxer 1.0.3.4547 - Local File inclusion
CVE-2019-1431208 Aug 2019
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This v
43RISK
open
Exploit-DB
WordPress Plugin JoomSport 3.3 - SQL Injection
CVE-2019-1434807 Aug 2019
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via
28RISK
open
Exploit-DB
macOS iMessage - Heap Overflow when Deserializing
CVE-2019-866105 Aug 2019
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A rem
28RISK
open
Exploit-DB
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
CVE-2018-133505 Aug 2019
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RISK
open
Exploit-DB
SilverSHielD 6.x - Local Privilege Escalation
CVE-2019-1306901 Aug 2019
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The
23RISK
open
Exploit-DB
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
CVE-2019-286131 Jul 2019
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported versi
23RISK
open
Exploit-DB
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
CVE-2019-864730 Jul 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchO
28RISK
open
Exploit-DB
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
CVE-2019-866230 Jul 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RISK
open
Exploit-DB
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
CVE-2019-867230 Jul 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
28RISK
open
Exploit-DB
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
CVE-2019-866030 Jul 2019
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10
28RISK
open
Exploit-DB
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
CVE-2019-394830 Jul 2019
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
28RISK
open
Exploit-DB
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
CVE-2019-864630 Jul 2019
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.
28RISK
open
Exploit-DB
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
CVE-2019-867130 Jul 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
23RISK
open
Exploit-DB
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
CVE-2019-1432829 Jul 2019
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
23RISK
open
Exploit-DB
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
CVE-2019-681429 Jul 2019
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RISK
open
Exploit-DB
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
CVE-2019-1132HIGHunder attack26 Jul 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
71RISK
open
Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
CVE-2019-1026726 Jul 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RISK
open
Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
CVE-2019-1026626 Jul 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL
28RISK
open
Exploit-DB
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
CVE-2019-1026726 Jul 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RISK
open
Exploit-DB
pdfresurrect 0.15 - Buffer Overflow
CVE-2019-1426726 Jul 2019
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is misha
23RISK
open
Exploit-DB
Moodle Filepicker 3.5.2 - Server Side Request Forgery
CVE-2018-104226 Jul 2019
Moodle 3.x has Server Side Request Forgery in the filepicker.
28RISK
open
Exploit-DB
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
CVE-2019-864925 Jul 2019
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
23RISK
open
Exploit-DB
Ovidentia 8.4.3 - Cross-Site Scripting
CVE-2019-1397725 Jul 2019
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=crea
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.