Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
4,187 exploits
Nucleimedium
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_fil
23RISK
open
Nucleihigh
Kubernetes Dashboard <1.10.1 - Authentication Bypass
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for rea
40RISK
open
Nucleihigh
Centos Web Panel 0.9.8.480 - Local File Inclusion
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/
60RISK
open
Nucleihigh
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
CVE-2018-18325HIGHunder attack
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RISK
open
Nucleimedium
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 has XSS.
18RISK
open
Nucleimedium
DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is u
18RISK
open
Nucleimedium
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (
38RISK
open
Nucleimedium
Microstrategy Web 7 - Local File Inclusion
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subp
43RISK
open
Nucleimedium
ACME mini_httpd <1.30 - Local File Inclusion
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
40RISK
open
Nucleimedium
TIBCO JasperReports Library - Directory Traversal
CVE-2018-18809CRITICALunder attack
TIBCO JasperReports Library Directory Traversal Vulnerability
100RISK
open
Nucleicritical
Gogs (Go Git Service) 0.11.66 - Remote Code Execution
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." s
30RISK
open
Nucleicritical
PHPCMS 2008 - Remote Code Execution via Template Injection
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cach
23RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
38RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
18RISK
open
Nucleicritical
WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to exe
60RISK
open
Nucleicritical
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISK
open
Nucleimedium
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes
38RISK
open
Nucleihigh
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
18RISK
open
Nucleicritical
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via
23RISK
open
Nucleimedium
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component,
18RISK
open
Nucleicritical
PRTG Network Monitor - Local File Inclusion
CVE-2018-19410CRITICALunder attack
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privile
100RISK
open
Nucleimedium
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later vers
23RISK
open
Nucleihigh
PHP Proxy 3.0.3 - Local File Inclusion
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI UR
50RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
38RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
38RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
38RISK
open
Nucleihigh
Tarantella Enterprise <3.11 - Local File Inclusion
Tarantella Enterprise before 3.11 allows Directory Traversal.
23RISK
open
Nucleimedium
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
43RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
18RISK
open
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
38RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.