Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to
23RISK
open ↗Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISK
open ↗Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISK
open ↗Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open ↗Exploit-DB
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS
23RISK
open ↗Exploit-DB
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS
76RISK
open ↗Exploit-DB
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbi
23RISK
open ↗Exploit-DB
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
28RISK
open ↗Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISK
open ↗Exploit-DB
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
23RISK
open ↗Exploit-DB
LimeSurvey < 3.16 - Remote Code Execution
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar://
28RISK
open ↗Exploit-DB
CMS Made Simple < 2.2.10 - SQL Injection
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗Exploit-DB
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter
23RISK
open ↗Exploit-DB
Fat Free CRM 0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to th
23RISK
open ↗Exploit-DB
i-doit 1.12 - 'qr.php' Cross-Site Scripting
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
23RISK
open ↗Exploit-DB
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISK
open ↗Exploit-DB
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISK
open ↗Exploit-DB
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and loca
28RISK
open ↗Exploit-DB
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects w
28RISK
open ↗Exploit-DB
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check
28RISK
open ↗Exploit-DB
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
Rukovoditel before 2.4.1 allows XSS.
23RISK
open ↗Exploit-DB
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RISK
open ↗Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately
23RISK
open ↗Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Manageme
28RISK
open ↗Exploit-DB
DVD X Player 5.5.3 - '.plf' Buffer Overflow
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
23RISK
open ↗Exploit-DB
Rails 5.2.1 - Arbitrary File Content Disclosure
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where spe
100RISK
open ↗Exploit-DB
Canarytokens 2019-03-01 - Detection Bypass
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timesta
28RISK
open ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpag
23RISK
open ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnera
23RISK
open ↗Exploit-DB
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap c
41RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.