Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
CVE-2024-12344MEDIUM17 Apr 2025
TP-Link VN020 F3v(T) FTP USER Command memory corruption
33RISK
open
Exploit-DB
Usermin 2.100 - Username Enumeration
CVE-2024-44762MEDIUM17 Apr 2025
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid
48RISK
open
Exploit-DB
TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
CVE-2024-12342HIGH17 Apr 2025
TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service
41RISK
open
Exploit-DB
Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
CVE-2024-42640CRITICAL17 Apr 2025
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Explo
75RISK
open
Exploit-DB
compop.ca 3.5.3 - Arbitrary code Execution
CVE-2024-48445CRITICAL17 Apr 2025
An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and t
48RISK
open
Exploit-DB
ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
CVE-2024-48840CRITICAL17 Apr 2025
Unauthorized Access
48RISK
open
Exploit-DB
WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
CVE-2024-0399HIGH16 Apr 2025
WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection
41RISK
open
Exploit-DB
Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account
CVE-2021-3321616 Apr 2025
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowin
28RISK
open
Exploit-DB
FLIR AX8 1.46.16 - Remote Command Injection
CVE-2022-3706116 Apr 2025
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This
60RISK
open
Exploit-DB
Smart Manager 8.27.0 - Post-Authenticated SQL Injection
CVE-2024-0566HIGH16 Apr 2025
Smart Manager < 8.28.0 - Admin+ SQL Injection
41RISK
open
Exploit-DB
Garage Management System 1.0 (categoriesName) - Stored XSS
CVE-2022-41358MEDIUM16 Apr 2025
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary
33RISK
open
Exploit-DB
Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)
CVE-2024-46278HIGH16 Apr 2025
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
41RISK
open
Exploit-DB
ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)
CVE-2023-2660216 Apr 2025
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create exten
28RISK
open
Exploit-DB
WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page
CVE-2024-23733HIGH16 Apr 2025
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core
41RISK
open
Exploit-DB
ProConf 6.0 - Insecure Direct Object Reference (IDOR)
CVE-2018-1660616 Apr 2025
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted paper
23RISK
open
Exploit-DB
Fortinet FortiOS_ FortiProxy_ and FortiSwitchManager 7.2.0 - Authentication bypass
CVE-2022-40684CRITICALunder attackransomware16 Apr 2025
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISK
open
Exploit-DB
Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)
CVE-2024-11392HIGH16 Apr 2025
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames
CVE-2024-55889MEDIUM16 Apr 2025
phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames
33RISK
open
Exploit-DB
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
CVE-2022-4407CRITICAL16 Apr 2025
Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
48RISK
open
Exploit-DB
Zabbix 7.0.0 - SQL Injection
CVE-2024-42327CRITICAL16 Apr 2025
SQL injection in user.get API
70RISK
open
Exploit-DB
NagVis 1.9.33 - Arbitrary File Read
CVE-2022-46945CRITICAL16 Apr 2025
Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagV
48RISK
open
Exploit-DB
Ethercreative Logs 3.0.3 - Path Traversal
CVE-2022-2340916 Apr 2025
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in
28RISK
open
Exploit-DB
Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)
CVE-2018-120716 Apr 2025
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open
Exploit-DB
Car Rental Project 1.0 - Remote Code Execution
CVE-2020-550916 Apr 2025
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile ima
23RISK
open
Exploit-DB
Really Simple Security 9.1.1.1 - Authentication Bypass
CVE-2024-10924CRITICAL15 Apr 2025
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RISK
open
Exploit-DB
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
CVE-2024-25641CRITICAL15 Apr 2025
Cacti RCE vulnerability when importing packages
85RISK
open
Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
CVE-2024-6516CRITICAL15 Apr 2025
Cross Site Scripting XSS
48RISK
open
Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
CVE-2024-6516CRITICAL15 Apr 2025
Cross Site Scripting XSS
48RISK
open
Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
CVE-2024-6516CRITICAL15 Apr 2025
Cross Site Scripting XSS
48RISK
open
Exploit-DB
IBMi Navigator 7.5 - HTTP Security Token Bypass
CVE-2024-51464MEDIUM15 Apr 2025
IBM i authentication bypass
33RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.