Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
CVE-2019-921306 Mar 2019
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RISK
open
Exploit-DB
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
CVE-2019-738504 Mar 2019
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and
28RISK
open
Exploit-DB
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
CVE-2019-053904 Mar 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open
Exploit-DB
elFinder 2.1.47 - 'PHP connector' Command Injection
CVE-2019-919404 Mar 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open
Exploit-DB
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
CVE-2019-9082HIGHunder attack04 Mar 2019
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISK
open
Exploit-DB
WordPress Core 5.0 - Remote Code Execution
CVE-2019-894201 Mar 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISK
open
Exploit-DB
WordPress Core 5.0 - Remote Code Execution
CVE-2019-894301 Mar 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISK
open
Exploit-DB
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
CVE-2019-916201 Mar 2019
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient
23RISK
open
Exploit-DB
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
CVE-2019-1674HIGH01 Mar 2019
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
46RISK
open
Exploit-DB
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
CVE-2019-392128 Feb 2019
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via
28RISK
open
Exploit-DB
Joomla! Component J2Store < 3.3.7 - SQL Injection
CVE-2019-918428 Feb 2019
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitr
23RISK
open
Exploit-DB
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
CVE-2019-837528 Feb 2019
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products
28RISK
open
Exploit-DB
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
CVE-2019-697727 Feb 2019
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch funct
35RISK
open
Exploit-DB
Drupal < 8.6.9 - REST Module Remote Code Execution
CVE-2019-6340HIGHunder attack25 Feb 2019
Drupal core - Highly critical - Remote Code Execution
100RISK
open
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
CVE-2019-100300025 Feb 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISK
open
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
CVE-2018-199900225 Feb 2019
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framewor
45RISK
open
Exploit-DB
zzzphp CMS 1.6.1 - Remote Code Execution
CVE-2019-904125 Feb 2019
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filter
50RISK
open
Exploit-DB
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
CVE-2019-6340HIGHunder attack23 Feb 2019
Drupal core - Highly critical - Remote Code Execution
100RISK
open
Exploit-DB
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
CVE-2019-3474MEDIUM22 Feb 2019
Path traversal vulnerability in Filr web application
33RISK
open
Exploit-DB
WinRAR 5.61 - Path Traversal
CVE-2018-20250HIGHunder attackransomware22 Feb 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open
Exploit-DB
Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)
CVE-2018-1898222 Feb 2019
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RISK
open
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2022022 Feb 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authen
28RISK
open
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2021822 Feb 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input direct
28RISK
open
Exploit-DB
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
CVE-2017-1741722 Feb 2019
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backu
28RISK
open
Exploit-DB
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
CVE-2019-621522 Feb 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safa
23RISK
open
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2021922 Feb 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the de
28RISK
open
Exploit-DB
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
CVE-2019-392421 Feb 2019
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The so
28RISK
open
Exploit-DB
FaceTime - Texture Processing Memory Corruption
CVE-2019-622420 Feb 2019
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.
23RISK
open
Exploit-DB
HotelDruid 2.3 - Cross-Site Scripting
CVE-2019-893720 Feb 2019
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabel
43RISK
open
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892619 Feb 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.