Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
CVE-2019-3929CRITICALunder attack03 May 2019
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RISK
open
Exploit-DB
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
CVE-2019-901703 May 2019
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the m
28RISK
open
Exploit-DB
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
CVE-2019-1150403 May 2019
Zotonic before version 0.47 has mod_admin XSS.
23RISK
open
Exploit-DB
Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
CVE-2019-542002 May 2019
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISK
open
Exploit-DB
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
CVE-2019-1142901 May 2019
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro)
23RISK
open
Exploit-DB
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
CVE-2019-1141530 Apr 2019
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause
28RISK
open
Exploit-DB
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
CVE-2019-1141630 Apr 2019
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstr
23RISK
open
Exploit-DB
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
CVE-2019-379930 Apr 2019
Directory Traversal with spring-cloud-config-server
60RISK
open
Exploit-DB
Domoticz 4.10577 - Unauthenticated Remote Command Execution
CVE-2019-1067830 Apr 2019
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
28RISK
open
Exploit-DB
HumHub 1.3.12 - Cross-Site Scripting
CVE-2019-1156430 Apr 2019
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HT
23RISK
open
Exploit-DB
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
CVE-2019-2725HIGHunder attackransomware30 Apr 2019
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISK
open
Exploit-DB
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
CVE-2019-1012330 Apr 2019
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app)
50RISK
open
Exploit-DB
Domoticz 4.10577 - Unauthenticated Remote Command Execution
CVE-2019-1066430 Apr 2019
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
23RISK
open
Exploit-DB
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
CVE-2019-1086730 Apr 2019
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISK
open
Exploit-DB
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
CVE-2019-018626 Apr 2019
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XS
28RISK
open
Exploit-DB
JioFi 4G M2S 1.0.2 - Denial of Service
CVE-2019-743925 Apr 2019
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
23RISK
open
Exploit-DB
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting
CVE-2019-743825 Apr 2019
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
23RISK
open
Exploit-DB
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
CVE-2018-20250HIGHunder attackransomware25 Apr 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open
Exploit-DB
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
CVE-2019-272124 Apr 2019
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions th
23RISK
open
Exploit-DB
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
CVE-2019-3842MEDIUM23 Apr 2019
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using t
33RISK
open
Exploit-DB
Msvod 10 - Cross-Site Request Forgery (Change User Information)
CVE-2019-1137522 Apr 2019
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
23RISK
open
Exploit-DB
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
CVE-2019-1137422 Apr 2019
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
23RISK
open
Exploit-DB
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
CVE-2019-718122 Apr 2019
Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the pr
23RISK
open
Exploit-DB
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting
CVE-2019-1139822 Apr 2019
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitra
23RISK
open
Exploit-DB
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
CVE-2010-417019 Apr 2019
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allow
38RISK
open
Exploit-DB
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
CVE-2019-258819 Apr 2019
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publi
50RISK
open
Exploit-DB
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
CVE-2019-2616HIGHunder attack19 Apr 2019
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publi
100RISK
open
Exploit-DB
Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
CVE-2019-3396CRITICALunder attackransomware19 Apr 2019
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISK
open
Exploit-DB
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
CVE-2018-16858HIGH18 Apr 2019
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could
68RISK
open
Exploit-DB
Evernote 7.9 - Code Execution via Path Traversal
CVE-2019-1003818 Apr 2019
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.