Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,294cataloged exploits
31,742CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,888GitHub PoC 13,184VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
8,100 exploits
VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open ↗VulnCheck XDB
initial-access
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISK
open ↗VulnCheck XDB
initial-access
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open ↗VulnCheck XDB
infoleak
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which ca
43RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
remote-with-credentials
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISK
open ↗VulnCheck XDB
initial-access
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open ↗VulnCheck XDB
client-side
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside
83RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open ↗VulnCheck XDB
client-side
Git allows arbitrary code execution through broken config quoting
71RISK
open ↗VulnCheck XDB
remote-with-credentials
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISK
open ↗VulnCheck XDB
initial-access
RevPi Webstatus application is vulnerable to an authentication bypass
75RISK
open ↗VulnCheck XDB
initial-access
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗VulnCheck XDB
initial-access
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open ↗VulnCheck XDB
initial-access
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open ↗VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open ↗VulnCheck XDB
local
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open ↗VulnCheck XDB
remote-with-credentials
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.