Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit500
HP Data Protector Backup Client Service Directory Traversal
CVE-2013-619402 Jan 2014
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a
50RISK
open
Metasploit500
SerComm Device Remote Code Execution
CVE-2014-065931 Dec 2013
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x
60RISK
open
Metasploit300
SerComm Network Device Backdoor Detection
CVE-2014-065931 Dec 2013
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x
60RISK
open
Metasploit300
IBM Lotus Notes Sametime User Enumeration
CVE-2013-397527 Dec 2013
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remot
23RISK
open
Metasploit300
IBM Lotus Sametime Version Enumeration
CVE-2013-398227 Dec 2013
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspeci
23RISK
open
Metasploit300
IBM Lotus Notes Sametime Room Name Bruteforce
CVE-2013-397727 Dec 2013
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine whic
18RISK
open
Metasploit300
RealNetworks RealPlayer Version Attribute Buffer Overflow
CVE-2013-726020 Dec 2013
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before
50RISK
open
Metasploit300
Adobe Flash Player Type Confusion Remote Code Execution
CVE-2013-533110 Dec 2013
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2
60RISK
open
Metasploit300
IcoFX Stack Buffer Overflow
CVE-2013-498810 Dec 2013
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISK
open
Metasploit500
MS13-097 Registry Symlink IE Sandbox Escape
CVE-2013-504510 Dec 2013
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and conseque
43RISK
open
Metasploit600
ElasticSearch Dynamic Script Arbitrary Java Execution
CVE-2014-3120HIGHunder attack09 Dec 2013
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISK
open
Metasploit600
Zimbra Collaboration Server LFI
CVE-2013-709106 Dec 2013
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RISK
open
Metasploit300
IBM Forms Viewer Unicode Buffer Overflow
CVE-2013-544705 Dec 2013
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to exe
50RISK
open
Metasploit300
Ruby on Rails Action View MIME Memory Exhaustion
CVE-2013-641404 Dec 2013
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo
23RISK
open
Metasploit200
Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
CVE-2013-130001 Dec 2013
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
43RISK
open
Metasploit600
WordPress OptimizePress Theme File Upload Vulnerability
CVE-2013-710229 Nov 2013
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-
23RISK
open
Metasploit200
MS14-002 Microsoft Windows ndproxy.sys Local Privilege Escalation
CVE-2013-5065HIGHunder attack27 Nov 2013
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges
98RISK
open
Metasploit300
Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow
CVE-2009-026124 Nov 2013
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary
43RISK
open
Metasploit300
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
CVE-2013-416422 Nov 2013
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and tru
30RISK
open
Metasploit600
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload
CVE-2025-34121CRITICAL19 Nov 2013
Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE
63RISK
open
Metasploit300
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
CVE-2013-205012 Nov 2013
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and Mana
23RISK
open
Metasploit300
Huawei Datacard Information Disclosure Vulnerability
CVE-2013-603111 Nov 2013
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remot
18RISK
open
Metasploit600
Kaseya uploadImage Arbitrary File Upload
CVE-2013-10034CRITICAL11 Nov 2013
Kaseya < 6.3.0.2 uploadImage.asp Arbitrary File Upload RCE
63RISK
open
Metasploit600
ManageEngine Desktop Central AgentLogUpload Arbitrary File Upload
CVE-2013-739011 Nov 2013
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before buil
60RISK
open
Metasploit300
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
CVE-2013-3918HIGHunder attack08 Nov 2013
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server
100RISK
open
Metasploit300
IBM Lotus Sametime WebPlayer DoS
CVE-2013-398607 Nov 2013
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension c
18RISK
open
Metasploit300
Supermicro Onboard IPMI CGI Vulnerability Scanner
CVE-2013-362306 Nov 2013
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Managemen
60RISK
open
Metasploit300
Supermicro Onboard IPMI Static SSL Certificate Scanner
CVE-2013-361906 Nov 2013
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_3
18RISK
open
Metasploit300
Supermicro Onboard IPMI CGI Vulnerability Scanner
CVE-2013-362106 Nov 2013
15RISK
open
Metasploit300
Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal
CVE-2013-678506 Nov 2013
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attacker
18RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.