Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1)
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RISK
open ↗Exploit-DB
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTB
35RISK
open ↗Exploit-DB
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in Po
35RISK
open ↗Exploit-DB
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package
23RISK
open ↗Exploit-DB
Evince - CBT File Command Injection (Metasploit)
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
50RISK
open ↗Exploit-DB
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as
100RISK
open ↗Exploit-DB
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition)
28RISK
open ↗Exploit-DB
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RISK
open ↗Exploit-DB
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition)
28RISK
open ↗Exploit-DB
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
28RISK
open ↗Exploit-DB
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISK
open ↗Exploit-DB
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
23RISK
open ↗Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.1
23RISK
open ↗Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3,
23RISK
open ↗Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave
23RISK
open ↗Exploit-DB
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Moja
23RISK
open ↗Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Moja
23RISK
open ↗Exploit-DB
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input
23RISK
open ↗Exploit-DB
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
33RISK
open ↗Exploit-DB
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RISK
open ↗Exploit-DB
Sricam gSOAP 2.8 - Denial of Service
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server
28RISK
open ↗Exploit-DB
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the ad
23RISK
open ↗Exploit-DB
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
28RISK
open ↗Exploit-DB
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascrip
23RISK
open ↗Exploit-DB
Cisco RV300 / RV320 - Information Disclosure
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISK
open ↗Exploit-DB
LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 thr
23RISK
open ↗Exploit-DB
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPost
23RISK
open ↗Exploit-DB
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.
28RISK
open ↗Exploit-DB
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attack
28RISK
open ↗Exploit-DB
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.