Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Camaleon CMS Directory Traversal CVE-2024-46987
CVE-2024-46987HIGH08 Aug 2024
Arbitrary path traversal in Camaleon CMS
61RISK
open
Metasploit500
Asterisk AMI Originate Authenticated RCE
CVE-2024-42365HIGH08 Aug 2024
Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
36RISK
open
Metasploit300
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
CVE-2024-7593CRITICALunder attack05 Aug 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remo
100RISK
open
Metasploit600
Calibre Python Code Injection (CVE-2024-6782)
CVE-2024-6782CRITICAL31 Jul 2024
Calibre Remote Code Execution
85RISK
open
Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
CVE-2024-2961HIGH26 Jul 2024
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RISK
open
Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
CVE-2024-34102CRITICALunder attack26 Jul 2024
XXE can expose crypt key and other secrets granting full admin access
100RISK
open
Metasploit600
Acronis Cyber Infrastructure default password remote code execution
CVE-2023-45249CRITICALunder attack24 Jul 2024
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastruct
85RISK
open
Metasploit300
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
CVE-2024-20419CRITICAL20 Jul 2024
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RISK
open
Metasploit600
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
CVE-2024-11680CRITICALunder attack19 Jul 2024
ProjectSend Unauthenticated Configuration Modification
100RISK
open
Metasploit600
Authenticated RCE in Splunk (splunk_archiver app)
CVE-2024-36985HIGH01 Jul 2024
Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
36RISK
open
Metasploit600
Geoserver unauthenticated Remote Code Execution
CVE-2024-36401CRITICALunder attack01 Jul 2024
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open
Metasploit300
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
CVE-2024-5806CRITICAL25 Jun 2024
MOVEit Transfer Authentication Bypass Vulnerability
85RISK
open
Metasploit300
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
CVE-2024-5276CRITICAL25 Jun 2024
SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)
65RISK
open
Metasploit500
vCenter Sudo Privilege Escalation
CVE-2024-37081HIGH18 Jun 2024
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An auth
36RISK
open
Metasploit300
Magento XXE Unserialize Arbitrary File Read
CVE-2024-34102CRITICALunder attack11 Jun 2024
XXE can expose crypt key and other secrets granting full admin access
100RISK
open
Metasploit600
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
CVE-2024-30038HIGH11 Jun 2024
Win32k Elevation of Privilege Vulnerability
36RISK
open
Metasploit600
Windows Access Mode Mismatch LPE in ks.sys
CVE-2024-35250HIGHunder attack11 Jun 2024
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RISK
open
Metasploit600
PHP CGI Argument Injection Remote Code Execution
CVE-2024-4577CRITICALunder attackransomware06 Jun 2024
Argument Injection in PHP-CGI
100RISK
open
Metasploit300
Telerik Report Server Auth Bypass
CVE-2024-4358CRITICALunder attack04 Jun 2024
Registration Authentication Bypass Vulnerability
100RISK
open
Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
CVE-2024-4358CRITICALunder attack04 Jun 2024
Registration Authentication Bypass Vulnerability
100RISK
open
Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
CVE-2024-1800CRITICAL04 Jun 2024
Progress Telerik Report Server Deserialization
55RISK
open
Metasploit0
macOS PackageKit ZSH Environment Privilege Escalation
CVE-2024-27822HIGH03 Jun 2024
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to
36RISK
open
Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
CVE-2024-32113CRITICALunder attack30 May 2024
Apache OFBiz: Path traversal leading to RCE
100RISK
open
Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
CVE-2024-38856HIGHunder attack30 May 2024
Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
100RISK
open
Metasploit600
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
CVE-2024-23692CRITICALunder attack25 May 2024
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISK
open
Metasploit300
Ivanti EPM RecordGoodApp SQLi RCE
CVE-2024-29824CRITICALunder attack24 May 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated att
100RISK
open
Metasploit600
WordPress Hash Form Plugin RCE
CVE-2024-5084CRITICAL23 May 2024
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
75RISK
open
Metasploit600
Atlassian Confluence Administrator Code Macro Remote Code Execution
CVE-2024-21683HIGH21 May 2024
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISK
open
Metasploit600
Cacti Import Packages RCE
CVE-2024-25641CRITICAL12 May 2024
Cacti RCE vulnerability when importing packages
85RISK
open
Metasploit600
DIAEnergie SQL Injection (CVE-2024-4548)
CVE-2024-4548CRITICAL06 May 2024
Delta Electronics DIAEnergie SQL Injection
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.