Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
FreeBSD 12.0 - 'fd' Local Privilege Escalation
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEAS
23RISK
open ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RISK
open ↗Exploit-DB
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthent
35RISK
open ↗Exploit-DB
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly
28RISK
open ↗Exploit-DB
Microsoft Exchange 2003 - base64-MIME Remote Code Execution
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, wh
35RISK
open ↗Exploit-DB
Symantec DLP 15.5 MP1 - Cross-Site Scripting
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue th
23RISK
open ↗Exploit-DB
Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISK
open ↗Exploit-DB
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open ↗Exploit-DB
Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to
38RISK
open ↗Exploit-DB
Centreon 19.04 - Remote Code Execution
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitra
35RISK
open ↗Exploit-DB
SAP Crystal Reports - Information Disclosure
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive databas
23RISK
open ↗Exploit-DB
LibreNMS 1.46 - 'addhost' Remote Code Execution
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISK
open ↗Exploit-DB
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISK
open ↗Exploit-DB
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RISK
open ↗Exploit-DB
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISK
open ↗Exploit-DB
GrandNode 4.40 - Path Traversal / Arbitrary File Download
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows
50RISK
open ↗Exploit-DB
SeedDMS versions < 5.1.11 - Remote Command Execution
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a differe
28RISK
open ↗Exploit-DB
dotProject 2.1.9 - SQL Injection
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Ori
28RISK
open ↗Exploit-DB
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Nam
23RISK
open ↗Exploit-DB
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Windows ALPC Elevation of Privilege Vulnerability
23RISK
open ↗Exploit-DB
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
23RISK
open ↗Exploit-DB
Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
Windows Common Log File System Driver Elevation of Privilege Vulnerability
41RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.