Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
4,187 exploits
Nucleimedium
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
18RISK
open ↗Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RISK
open ↗Nucleihigh
Apache Tomcat Servers - Remote Code Execution
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RISK
open ↗Nucleihigh
Apache Tomcat - Remote Code Execution
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTT
100RISK
open ↗Nucleicritical
Apache Solr <= 7.1 - XML Entity Injection
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
60RISK
open ↗Nucleicritical
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISK
open ↗Nucleihigh
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Se
100RISK
open ↗Nucleimedium
Django Debug Page - Cross-Site Scripting
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for
23RISK
open ↗Nucleicritical
OpenDreambox 2.0.0 - Remote Code Execution
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote
23RISK
open ↗Nucleimedium
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions un
18RISK
open ↗Nucleimedium
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redi
18RISK
open ↗Nucleihigh
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISK
open ↗Nucleimedium
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter
50RISK
open ↗Nucleimedium
WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress
18RISK
open ↗Nucleimedium
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or
18RISK
open ↗Nucleimedium
WordPress < 4.8.2 - Authenticated Open Redirect
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/us
18RISK
open ↗Nucleihigh
Node.js <8.6.0 - Directory Traversal
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
30RISK
open ↗Nucleicritical
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication,
30RISK
open ↗Nucleimedium
Dreambox WebControl 2.0.0 - Cross-Site Scripting
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouq
38RISK
open ↗Nucleihigh
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used
23RISK
open ↗Nucleihigh
FiberHome Routers - Local File Inclusion
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a cra
43RISK
open ↗Nucleihigh
Apache httpd <=2.4.29 - Arbitrary File Upload
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a ma
60RISK
open ↗Nucleicritical
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RISK
open ↗Nucleihigh
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory
60RISK
open ↗Nucleihigh
Nextjs <2.4.1 - Local File Inclusion
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to
23RISK
open ↗Nucleihigh
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RISK
open ↗Nucleimedium
WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/
18RISK
open ↗Nucleimedium
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via
18RISK
open ↗Nucleimedium
WordPress < 4.9.1 - Authenticated JavaScript File Upload
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js fi
18RISK
open ↗Nucleimedium
WordPress Mailster <=1.5.4 - Cross-Site Scripting
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subsc
18RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.