Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
CVE-2018-16858HIGH18 Apr 2019
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could
68RISK
open
Exploit-DB
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
CVE-2019-269717 Apr 2019
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Ja
28RISK
open
Exploit-DB
ASUS HG100 - Denial of Service
CVE-2018-1149217 Apr 2019
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
28RISK
open
Exploit-DB
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
CVE-2019-269817 Apr 2019
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Ja
28RISK
open
Exploit-DB
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation
CVE-2018-1937416 Apr 2019
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Troj
23RISK
open
Exploit-DB
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
CVE-2019-073216 Apr 2019
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Wind
23RISK
open
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
CVE-2019-073016 Apr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISK
open
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
CVE-2019-073116 Apr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISK
open
Exploit-DB
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
CVE-2019-995516 Apr 2019
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, U
43RISK
open
Exploit-DB
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
CVE-2019-1094516 Apr 2019
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder param
35RISK
open
Exploit-DB
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
CVE-2019-073516 Apr 2019
An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to proper
23RISK
open
Exploit-DB
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
CVE-2019-079616 Apr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISK
open
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
CVE-2019-080516 Apr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISK
open
Exploit-DB
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
CVE-2019-083616 Apr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISK
open
Exploit-DB
Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)
CVE-2019-1663CRITICAL15 Apr 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Exploit-DB
CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)
CVE-2019-1144715 Apr 2019
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RISK
open
Exploit-DB
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
CVE-2019-9621HIGHunder attack12 Apr 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISK
open
Exploit-DB
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
CVE-2018-1489412 Apr 2019
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file
23RISK
open
Exploit-DB
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
CVE-2019-1144612 Apr 2019
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user
23RISK
open
Exploit-DB
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
CVE-2019-9670CRITICALunder attack12 Apr 2019
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RISK
open
Exploit-DB
Microsoft Windows - AppX Deployment Service Privilege Escalation
CVE-2019-0841HIGHunder attackransomware09 Apr 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISK
open
Exploit-DB
Apache Axis 1.4 - Remote Code Execution
CVE-2019-022709 Apr 2019
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RISK
open
Exploit-DB
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
CVE-2019-698909 Apr 2019
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispos
28RISK
open
Exploit-DB
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
CVE-2019-1087408 Apr 2019
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to ex
23RISK
open
Exploit-DB
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation
CVE-2019-0211HIGHunder attack08 Apr 2019
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
CVE-2019-959308 Apr 2019
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to
23RISK
open
Exploit-DB
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
CVE-2019-1027308 Apr 2019
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticat
23RISK
open
Exploit-DB
SaLICru -SLC-20-cube3(5) - HTML Injection
CVE-2019-1088708 Apr 2019
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82
23RISK
open
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
CVE-2019-959108 Apr 2019
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attack
23RISK
open
Exploit-DB
QNAP Netatalk < 3.1.12 - Authentication Bypass
CVE-2018-1160CRITICAL08 Apr 2019
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.