Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
EA Origin < 10.5.38 - Remote Code Execution
CVE-2019-1282821 Jun 2019
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and orig
28RISK
open
Exploit-DB
Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
CVE-2019-1821HIGH20 Jun 2019
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISK
open
Exploit-DB
Sahi pro 7.x/8.x - Directory Traversal
CVE-2018-2047018 Jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerab
50RISK
open
Exploit-DB
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
CVE-2019-1218118 Jun 2019
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISK
open
Exploit-DB
Sahi pro 8.x - Cross-Site Scripting
CVE-2018-2047218 Jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
23RISK
open
Exploit-DB
Sahi pro 8.x - SQL Injection
CVE-2018-2046918 Jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to
28RISK
open
Exploit-DB
Spring Security OAuth - Open Redirector
CVE-2019-377817 Jun 2019
Open Redirect in spring-security-oauth2
28RISK
open
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
CVE-2019-1170317 Jun 2019
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing cer
28RISK
open
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
CVE-2019-1170417 Jun 2019
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when proce
28RISK
open
Exploit-DB
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
CVE-2019-1232317 Jun 2019
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
23RISK
open
Exploit-DB
Spring Security OAuth - Open Redirector
CVE-2019-11269MEDIUM17 Jun 2019
Open Redirector in spring-security-oauth2
33RISK
open
Exploit-DB
Exim 4.87 - 4.91 - Local Privilege Escalation
CVE-2019-10149CRITICALunder attack17 Jun 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open
Exploit-DB
Thunderbird ESR < 60.7.XXX - Type Confusion
CVE-2019-1170617 Jun 2019
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when pro
23RISK
open
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
CVE-2019-1170517 Jun 2019
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processin
23RISK
open
Exploit-DB
Sitecore 8.x - Deserialization Remote Code Execution
CVE-2019-1108013 Jun 2019
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 2
28RISK
open
Exploit-DB
phpMyAdmin 4.8 - Cross-Site Request Forgery
CVE-2019-1261611 Jun 2019
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF
28RISK
open
Exploit-DB
ProShow 9.0.3797 - Local Privilege Escalation
CVE-2019-1278811 Jun 2019
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges).
23RISK
open
Exploit-DB
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
CVE-2019-658811 Jun 2019
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsani
23RISK
open
Exploit-DB
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
CVE-2019-1139810 Jun 2019
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitra
23RISK
open
Exploit-DB
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
CVE-2019-0841HIGHunder attackransomware07 Jun 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISK
open
Exploit-DB
Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
CVE-2019-1247706 Jun 2019
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcas
43RISK
open
Exploit-DB
VMware WorkStation 12.5.3 - Virtual Machine Escape
CVE-2017-490506 Jun 2019
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi
23RISK
open
Exploit-DB
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
CVE-2019-9621HIGHunder attack05 Jun 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISK
open
Exploit-DB
Exim 4.87 < 4.91 - (Local / Remote) Command Execution
CVE-2019-10149CRITICALunder attack05 Jun 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open
Exploit-DB
LibreNMS - addhost Command Injection (Metasploit)
CVE-2018-2043405 Jun 2019
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISK
open
Exploit-DB
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
CVE-2019-4279CRITICAL05 Jun 2019
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with
85RISK
open
Exploit-DB
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
CVE-2019-835205 Jun 2019
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sen
23RISK
open
Exploit-DB
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
CVE-2019-1663CRITICAL04 Jun 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
CVE-2019-1253804 Jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
23RISK
open
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
CVE-2019-1254204 Jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID paramete
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.