Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2020-5847
CVE-2020-5847CRITICALunder attack
Unraid through 6.8.0 allows Remote Code Execution.
100RISK
open
Referência
CVE-2019-1663
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Referência
CVE-2019-1663
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Referência
CVE-2019-1663
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Referência
CVE-2019-1663
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open
Referência
CVE-2015-0313
CVE-2015-0313HIGHunder attack
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows
100RISK
open
Referência
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RISK
open
Referência
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RISK
open
Referência
CVE-2026-7222
code-projects Coaching Management System Complaint Form complaint.php cross site scripting
33RISK
open
Referência
CVE-2016-0752
CVE-2016-0752HIGHunder attack
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.
100RISK
open
Referência
CVE-2022-41352
CVE-2022-41352CRITICALunder attack
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through ama
100RISK
open
Referência
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
CVE-2009-1151CRITICALunder attack
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remo
100RISK
open
Referência
CVE-2011-0049
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allo
60RISK
open
Referência
CVE-2019-11580
CVE-2019-11580CRITICALunder attackransomware
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attac
100RISK
open
Referência
CVE-2026-9512
Totolink CA750-PoE Setting cstecgi.cgi setPasswordCfg os command injection
33RISK
open
Referência
CVE-2019-7609
CVE-2019-7609CRITICALunder attack
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RISK
open
Referência
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open
Referência
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open
Referência
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh c
60RISK
open
Referência
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windo
60RISK
open
Referência
BIND 9.x - Remote DNS Cache Poisoning
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windo
60RISK
open
Referência
BIND 9.x - Remote DNS Cache Poisoning
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windo
60RISK
open
Referência
CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka k
60RISK
open
Referência
CVE-2024-0204
Authentication Bypass in GoAnywhere MFT
85RISK
open
Referência
CVE-2024-0204
Authentication Bypass in GoAnywhere MFT
85RISK
open
Referência
CVE-2014-6332
CVE-2014-6332HIGHunder attack
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
100RISK
open
Referência
CVE-2014-6332
CVE-2014-6332HIGHunder attack
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
100RISK
open
Referência
CVE-2014-6332
CVE-2014-6332HIGHunder attack
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
100RISK
open
Referência
CVE-2014-6332
CVE-2014-6332HIGHunder attack
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
100RISK
open
Referência
CVE-2014-6332
CVE-2014-6332HIGHunder attack
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.