Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
AllExploit-DB 22,786Referência 19,896GitHub PoC 13,187VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
Active Collab "chat module" Remote PHP Code Injection Exploit
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute
43RISK
open ↗Metasploit600
PHP Volunteer Management System v1.0.2 Arbitrary File Upload Vulnerability
PHP Volunteer Management System 1.0.2 Arbitrary File Upload
36RISK
open ↗Metasploit600
WordPress Asset-Manager PHP File Upload Vulnerability
WordPress Plugin Asset-Manager <= 2.0 PHP File Upload
63RISK
open ↗Metasploit300
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-00
50RISK
open ↗Metasploit300
IBM Rational ClearQuest CQOle Remote Code Execution
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 bef
50RISK
open ↗Metasploit300
GIMP script-fu Server Buffer Overflow
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and p
60RISK
open ↗Metasploit600
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to u
50RISK
open ↗Metasploit600
Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts,
60RISK
open ↗Metasploit600
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts,
60RISK
open ↗Metasploit300
Lattice Semiconductor ispVM System XCF File Handling Overflow
Lattice Semiconductor ispVM System 18.0.2 XCF File Handling Buffer Overflow
36RISK
open ↗Metasploit300
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary
43RISK
open ↗Metasploit300
Apple QuickTime TeXML Style Element Stack Buffer Overflow
Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbit
43RISK
open ↗Metasploit300
PHP apache_request_headers Function Buffer Overflow
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote at
50RISK
open ↗Metasploit300
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispa
50RISK
open ↗Metasploit300
Adobe Flash Player Object Type Confusion
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on
60RISK
open ↗Metasploit600
PHP CGI Argument Injection
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISK
open ↗Metasploit600
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to ex
43RISK
open ↗Metasploit300
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol v
50RISK
open ↗Metasploit600
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RISK
open ↗Metasploit300
Samsung NET-i Viewer Multiple ActiveX BackupToAvi() Remote Overflow
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
50RISK
open ↗Metasploit300
Oracle TNS Listener Checker
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.
40RISK
open ↗Metasploit300
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows rem
50RISK
open ↗Metasploit200
MS12-027 MSCOMCTL ActiveX Buffer Overflow
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls
100RISK
open ↗Metasploit300
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement valida
60RISK
open ↗Metasploit600
Distinct TFTP 3.10 Writable Directory Traversal Execution
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remo
68RISK
open ↗Metasploit600
Dolibarr ERP/CRM Post-Auth OS Command Injection
Dolibarr ERP/CRM Post-Auth OS Command Injection
63RISK
open ↗Metasploit300
BlazeVideo HDTV Player Pro v6.6 Filename Handling Vulnerability
BlazeVideo HDTV Player Pro 6.6.0.3 Filename Handling Buffer Overflow
36RISK
open ↗Metasploit300
IBM Cognos tm1admsd.exe Overflow
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2
50RISK
open ↗Metasploit300
TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera
60RISK
open ↗Metasploit200
Quest InTrust Annotation Objects Uninitialized Pointer
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not prope
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.