Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
Narcissus Image Configuration Passthru Vulnerability
Narcissus backend.php Image Configuration Command Injection
63RISK
open ↗Metasploit300
VMWare OVF Tools Format String Vulnerability
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Pl
50RISK
open ↗Metasploit300
VMWare OVF Tools Format String Vulnerability
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Pl
50RISK
open ↗Metasploit300
Apple QuickTime 7.7.2 MIME Type Buffer Overflow
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause
50RISK
open ↗Metasploit300
Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a de
50RISK
open ↗Metasploit300
Axigen Arbitrary File Read and Delete
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RISK
open ↗Metasploit600
Invision IP.Board unserialize() PHP Code Execution
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3
43RISK
open ↗Metasploit300
ClanSphere 2011.3 Local File Inclusion Vulnerability
ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie
36RISK
open ↗Metasploit300
Bitweaver overlay_type Directory Traversal
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to rea
50RISK
open ↗Metasploit600
Mutiny Remote Command Execution
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, re
43RISK
open ↗Metasploit300
Drupal OpenID External Entity Injection
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE d
23RISK
open ↗Metasploit600
Java Applet AverageRangeStatisticImpl Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
100RISK
open ↗Metasploit600
Java Applet JAX-WS Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
100RISK
open ↗Metasploit600
Ektron 8.02 XSLT Transform Remote Code Execution
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true
50RISK
open ↗Metasploit600
Java Applet Method Handle Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
60RISK
open ↗Metasploit600
Sun Java Web Start Double Quote Injection
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and
50RISK
open ↗Metasploit500
Windows Escalate Service Permissions Local Privilege Escalation
Active Directory Domain Services Elevation of Privilege Vulnerability
41RISK
open ↗Metasploit300
MS11-081 Microsoft Internet Explorer Option Element Use-After-Free
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to exe
50RISK
open ↗Metasploit600
PhpTax pfilez Parameter Exec Remote Code Injection
PhpTax pfilez Parameter Exec Remote Code Injection
63RISK
open ↗Metasploit600
Project Pier Arbitrary File Upload Vulnerability
Project Pier <= 0.8.8 Arbitrary File Upload RCE
63RISK
open ↗Metasploit0
D-Link DIR-605L Captcha Handling Buffer Overflow
D-Link DIR-605L Captcha Handling Buffer Overflow
63RISK
open ↗Metasploit500
Turbo FTP Server 1.30.823 PORT Overflow
Turbo FTP Server 1.30.823/826 PORT Command Buffer Overflow
43RISK
open ↗Metasploit300
phpMyAdmin 3.5.2.2 server_sync.php Backdoor
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an e
60RISK
open ↗Metasploit600
ZEN Load Balancer Filelog Command Execution
ZEN Load Balancer Filelog Command Execution
63RISK
open ↗Metasploit600
Auxilium RateMyPet Arbitrary File Upload Vulnerability
Auxilium RateMyPet Arbitrary File Upload RCE
63RISK
open ↗Metasploit400
MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 al
100RISK
open ↗Metasploit600
Webmin /file/show.cgi Remote Command Execution
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid
50RISK
open ↗Metasploit300
Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited
23RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.