Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,046cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,079VulnCheck XDB 8,060Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
4,187 exploits
Nucleimedium
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST reque
30RISK
open ↗Nucleimedium
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker
50RISK
open ↗Nucleicritical
Cisco IOS HTTP Configuration - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when lo
50RISK
open ↗Nucleihigh
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as othe
43RISK
open ↗Nucleimedium
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary sc
43RISK
open ↗Nucleimedium
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote atta
38RISK
open ↗Nucleimedium
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hid
60RISK
open ↗Nucleimedium
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote att
38RISK
open ↗Nucleicritical
Horde Groupware Unauthenticated Admin Access
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote at
18RISK
open ↗Nucleimedium
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log use
43RISK
open ↗Nucleimedium
Cofax <=2.0RC3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject ar
38RISK
open ↗Nucleimedium
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary w
18RISK
open ↗Nucleihigh
Squirrelmail <=1.4.6 - Local File Inclusion
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals i
50RISK
open ↗Nucleimedium
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote
60RISK
open ↗Nucleimedium
Jira Rainbow.Zen - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extensi
38RISK
open ↗Nucleimedium
Apache Tomcat 4.x-7.x - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomca
60RISK
open ↗Nucleicritical
Alcatel-Lucent OmniPCX - Remote Command Execution
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows rem
100RISK
open ↗Nucleimedium
Joomla! RSfiles <=1.0.2 - Local File Inclusion
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allo
38RISK
open ↗Nucleimedium
OpenSymphony XWork/Apache Struts2 - Remote Code Execution
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursive
23RISK
open ↗Nucleimedium
phpPgAdmin <=4.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inje
43RISK
open ↗Nucleihigh
WordPress Sniplets 1.1.2 - Local File Inclusion
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordP
50RISK
open ↗Nucleimedium
WordPress Sniplets <=1.2.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote at
38RISK
open ↗Nucleimedium
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2
50RISK
open ↗Nucleimedium
Bitrix Site Management 2.x - Open Redirect
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbi
18RISK
open ↗Nucleimedium
AppServ Open Project <=2.5.10 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers
38RISK
open ↗Nucleimedium
CMSimple 3.1 - Local File Inclusion
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote a
43RISK
open ↗Nucleicritical
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote atta
43RISK
open ↗Nucleimedium
Joomla! <=2.0.0 RC2 - Local File Inclusion
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote
43RISK
open ↗Nucleimedium
phpPgAdmin <=4.2.1 - Local File Inclusion
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is ena
43RISK
open ↗Nucleimedium
Joomla! ionFiles 4.4.2 - Local File Inclusion
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remo
43RISK
open ↗page 1 / 140next →
We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.