Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
AllExploit-DB 22,786Referência 19,896GitHub PoC 13,187VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
22,786 exploits
Exploit-DB
LayerBB 1.1.1 - Persistent Cross-Site Scripting
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
23RISK
open ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage
23RISK
open ↗Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISK
open ↗Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISK
open ↗Exploit-DB
WebKit JSC - 'AbstractValue::set' Use-After-Free
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RISK
open ↗Exploit-DB
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RISK
open ↗Exploit-DB
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
28RISK
open ↗Exploit-DB
Frog CMS 0.9.5 - Cross-Site Scripting
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
23RISK
open ↗Exploit-DB
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RISK
open ↗Exploit-DB
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau
43RISK
open ↗Exploit-DB
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer
43RISK
open ↗Exploit-DB
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE
43RISK
open ↗Exploit-DB
Craft CMS 3.0.25 - Cross-Site Scripting
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
23RISK
open ↗Exploit-DB
bludit Pages Editor 3.0.0 - Arbitrary File Upload
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages
35RISK
open ↗Exploit-DB
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful
93RISK
open ↗Exploit-DB
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
23RISK
open ↗Exploit-DB
Netatalk 3.1.12 - Authentication Bypass
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open ↗Exploit-DB
Netatalk 3.1.12 - Authentication Bypass (PoC)
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open ↗Exploit-DB
VBScript - VbsErase Reference Leak Use-After-Free
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows
35RISK
open ↗Exploit-DB
VBScript - MSXML Execution Policy Bypass
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly rest
35RISK
open ↗Exploit-DB
Yeswiki Cercopitheque - 'id' SQL Injection
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to ex
23RISK
open ↗Exploit-DB
Bolt CMS < 3.6.2 - Cross-Site Scripting
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and Ne
23RISK
open ↗Exploit-DB
Integria IMS 5.0.83 - Cross-Site Request Forgery
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary
23RISK
open ↗Exploit-DB
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain
23RISK
open ↗Exploit-DB
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
23RISK
open ↗Exploit-DB
IBM Operational Decision Manager 8.x - XML External Entity Injection
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) a
46RISK
open ↗Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD re
28RISK
open ↗Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST re
28RISK
open ↗Exploit-DB
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet
35RISK
open ↗Exploit-DB
SDL Web Content Manager 8.5.0 - XML External Entity Injection
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive
23RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.