Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,181cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
8,078 exploits
VulnCheck XDB
initial-access
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open ↗VulnCheck XDB
infoleak
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00
35RISK
open ↗VulnCheck XDB
denial-of-service
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISK
open ↗VulnCheck XDB
infoleak
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Se
100RISK
open ↗VulnCheck XDB
initial-access
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISK
open ↗VulnCheck XDB
infoleak
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which ca
43RISK
open ↗VulnCheck XDB
initial-access
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open ↗VulnCheck XDB
client-side
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside
83RISK
open ↗VulnCheck XDB
remote-with-credentials
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
client-side
Git allows arbitrary code execution through broken config quoting
71RISK
open ↗VulnCheck XDB
initial-access
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗VulnCheck XDB
initial-access
RevPi Webstatus application is vulnerable to an authentication bypass
75RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.