Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit0
MoinMoin twikidraw Action Traversal File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action
50RISK
open ↗Metasploit600
Wordpress Reflex Gallery Upload Vulnerability
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open ↗Metasploit300
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary cod
100RISK
open ↗Metasploit200
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
38RISK
open ↗Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp
50RISK
open ↗Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote atta
50RISK
open ↗Metasploit600
TWiki MAKETEXT Remote Command Execution
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RISK
open ↗Metasploit300
RealPlayer RealMedia File Handling Buffer Overflow
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers
50RISK
open ↗Metasploit300
Novell eDirectory 8 Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at
50RISK
open ↗Metasploit500
Nagios3 history.cgi Host Command Execution
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga
50RISK
open ↗Metasploit600
FreeFloat FTP Server Arbitrary File Upload
FreeFloat FTP Server Arbitrary File Upload
63RISK
open ↗Metasploit400
Netwin SurgeFTP Remote Command Execution
Netwin SurgeFTP <= v23c8 Authenticated RCE
36RISK
open ↗Metasploit600
OpenSIS 'modname' PHP Code Execution
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP cod
43RISK
open ↗Metasploit600
Foswiki MAKETEXT Remote Command Execution
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RISK
open ↗Metasploit300
Android Stock Browser Iframe DOS
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a
18RISK
open ↗Metasploit600
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RISK
open ↗Metasploit600
Oracle MySQL for Microsoft Windows MOF Execution
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RISK
open ↗Metasploit600
Tectia SSH USERAUTH Change Request Password Reset Vulnerability
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
50RISK
open ↗Metasploit300
Symantec Messaging Gateway 9.5 Log File Download Vulnerability
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow r
50RISK
open ↗Metasploit600
Nagios XI Network Monitor Graph Explorer Component Command Injection
Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection
36RISK
open ↗Metasploit600
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7
43RISK
open ↗Metasploit600
Maxthon3 about:history XCS Trusted Zone Code Execution
Maxthon3 about:history XCS Trusted Zone Code Execution
36RISK
open ↗Metasploit300
KingView Log File Parsing Buffer Overflow
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView
50RISK
open ↗Metasploit300
CUPS 1.6.1 Root File Read
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator
18RISK
open ↗Metasploit300
NFR Agent FSFUI Record Arbitrary Remote File Access
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrar
60RISK
open ↗Metasploit300
NFR Agent SRS Record Arbitrary Remote File Access
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbi
50RISK
open ↗Metasploit300
NFR Agent Heap Overflow Vulnerability
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary co
30RISK
open ↗Metasploit500
NFR Agent FSFUI Record File Upload RCE
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and ex
60RISK
open ↗Metasploit600
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manage
50RISK
open ↗Metasploit600
Narcissus Image Configuration Passthru Vulnerability
Narcissus backend.php Image Configuration Command Injection
63RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.