Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
NetAlertX File Read Vulnerability
CVE-2024-48766HIGH30 Jan 2025
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and
48RISK
open
Metasploit600
Cacti Graph Template authenticated RCE versions prior to 1.2.29
CVE-2025-24367HIGH27 Jan 2025
Cacti allows Arbitrary File Creation leading to RCE
48RISK
open
Metasploit600
GestioIP 3.5.7 Remote Command Execution
CVE-2024-48760CRITICAL14 Jan 2025
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RISK
open
Metasploit300
Car Rental System 1.0 File Upload RCE (Authenticated)
CVE-2024-57487MEDIUM13 Jan 2025
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types a
28RISK
open
Metasploit300
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
CVE-2024-57727CRITICALunder attackransomware12 Jan 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl
100RISK
open
Metasploit600
Remote Code Execution Vulnerability in Vvveb
CVE-2025-8518MEDIUM10 Jan 2025
givanz Vvveb Code Editor code.php save code injection
28RISK
open
Metasploit600
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
CVE-2025-27218MEDIUM06 Jan 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through
60RISK
open
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2025-3096CRITICAL04 Jan 2025
Clinics Patient Management System SQL Injection
43RISK
open
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2022-2297MEDIUM04 Jan 2025
SourceCodester Clinics Patient Management System unrestricted upload
28RISK
open
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48455LOW27 Dec 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
23RISK
open
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48456HIGH27 Dec 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
41RISK
open
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48457HIGH27 Dec 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
36RISK
open
Metasploit600
Windows Cloud File Mini Filer Driver Heap Overflow
CVE-2024-30085HIGH19 Dec 2024
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RISK
open
Metasploit600
Craft CMS Twig Template Injection RCE via FTP Templates Path
CVE-2024-56145CRITICALunder attack19 Dec 2024
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RISK
open
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2025-1094HIGH16 Dec 2024
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RISK
open
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2024-12356CRITICALunder attack16 Dec 2024
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
95RISK
open
Metasploit600
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
CVE-2024-55555HIGH13 Dec 2024
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_
36RISK
open
Metasploit600
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
CVE-2024-55556CRITICAL13 Dec 2024
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote com
55RISK
open
Metasploit600
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
CVE-2024-55956CRITICALunder attackransomware09 Dec 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can impo
95RISK
open
Metasploit300
LINQPad Deserialization
CVE-2024-53326HIGH03 Dec 2024
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(
36RISK
open
Metasploit600
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
CVE-2024-11320MEDIUM21 Nov 2024
Command Injection leading to RCE via LDAP Misconfiguration
50RISK
open
Metasploit600
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
CVE-2024-47407CRITICAL21 Nov 2024
mySCADA myPRO OS Command Injection
55RISK
open
Metasploit500
Ubuntu needrestart Privilege Escalation
CVE-2024-48990HIGH19 Nov 2024
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tric
41RISK
open
Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
CVE-2024-9474MEDIUMunder attackransomware18 Nov 2024
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
100RISK
open
Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
CVE-2024-0012CRITICALunder attackransomware18 Nov 2024
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
100RISK
open
Metasploit600
LibreNMS Authenticated RCE (CVE-2024-51092)
CVE-2024-51092CRITICAL15 Nov 2024
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutContr
43RISK
open
Metasploit600
WordPress WP Time Capsule Arbitrary File Upload to RCE
CVE-2024-8856CRITICAL15 Nov 2024
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RISK
open
Metasploit600
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
CVE-2024-10924CRITICAL14 Nov 2024
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RISK
open
Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
CVE-2024-28397MEDIUM28 Oct 2024
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISK
open
Metasploit600
Prison Management System 1.0 Authenticated RCE via Unrestricted File Upload
CVE-2024-48594HIGH28 Oct 2024
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the f
36RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.