Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
23RISK
open ↗Exploit-DB
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
23RISK
open ↗Exploit-DB
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to
35RISK
open ↗Exploit-DB
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISK
open ↗Exploit-DB
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISK
open ↗Exploit-DB
GattLib 0.2 - Stack Buffer Overflow
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
23RISK
open ↗Exploit-DB
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitiv
23RISK
open ↗Exploit-DB
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-T
38RISK
open ↗Exploit-DB
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open ↗Exploit-DB
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RISK
open ↗Exploit-DB
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open ↗Exploit-DB
Pydio / AjaXplorer < 5.0.4 - (Unauthenticated) Arbitrary File Upload
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly
23RISK
open ↗Exploit-DB
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open ↗Exploit-DB
Microsoft Edge Chakra - 'InitClass' Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open ↗Exploit-DB
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allo
23RISK
open ↗Exploit-DB
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISK
open ↗Exploit-DB
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The s
23RISK
open ↗Exploit-DB
NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a
28RISK
open ↗Exploit-DB
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RISK
open ↗Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attac
28RISK
open ↗Exploit-DB
Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RISK
open ↗Exploit-DB
NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd
28RISK
open ↗Exploit-DB
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users
38RISK
open ↗Exploit-DB
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.
28RISK
open ↗Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attacker
28RISK
open ↗Exploit-DB
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
60RISK
open ↗Exploit-DB
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read be
35RISK
open ↗Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote atta
28RISK
open ↗Exploit-DB
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape
23RISK
open ↗Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
28RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.