Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
4,187 exploits
Nucleimedium
Zimbra Collaboration Suite - Cross-site Scripting
CVE-2018-6882MEDIUMunder attackransomware
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Sui
63RISK
open
Nucleihigh
DedeCMS 5.7 - Path Disclosure
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/in
23RISK
open
Nucleicritical
VMware NSX SD-WAN Edge - Command Injection
CVE-2018-6961HIGHunder attack
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web U
100RISK
open
Nucleimedium
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remot
18RISK
open
Nucleimedium
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attac
18RISK
open
Nucleimedium
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers
18RISK
open
Nucleicritical
Anchor CMS 0.12.3 - Error Log Exposure
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contain
60RISK
open
Nucleicritical
TITool PrintMonitor - Blind SQL Injection
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based b
23RISK
open
Nucleicritical
Joomla! Component PrayerCenter 3.0.2 - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerabil
50RISK
open
Nucleihigh
WordPress Site Editor <=1.1.1 - Local File Inclusion
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to re
50RISK
open
Nucleihigh
AxxonSoft Axxon Next - Local File Inclusion
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
23RISK
open
Nucleihigh
uWSGI PHP Plugin Local File Inclusion
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversa
50RISK
open
Nucleicritical
Drupal - Remote Code Execution
CVE-2018-7600CRITICALunder attackransomware
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
Nucleicritical
Drupal - Remote Code Execution
CVE-2018-7602CRITICALunder attackransomware
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
100RISK
open
Nucleimedium
YzmCMS v3.6 - Cross-Site Scripting
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
38RISK
open
Nucleimedium
CouchCMS <= 2.0 - Path Disclosure
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.fun
30RISK
open
Nucleihigh
DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php
40RISK
open
Nucleihigh
Acrolinx Server <5.2.5 - Local File Inclusion
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
50RISK
open
Nucleihigh
Schneider Electric U.motion Builder - SQL Injection
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software ve
18RISK
open
Nucleicritical
Schneider Electric U.motion Builder - Remote Code Execution
CVE-2018-7841CRITICALunder attack
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code
100RISK
open
Nucleimedium
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console
30RISK
open
Nucleimedium
Apache Spark UI - Cross-Site Scripting
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointin
18RISK
open
Nucleihigh
Apache OFBiz - XML External Entity Injection
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles re
23RISK
open
Nucleihigh
AppWeb - Authentication Bypass
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in
23RISK
open
Nucleimedium
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-securit
43RISK
open
Nucleihigh
Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system
18RISK
open
Nucleimedium
Cobub Razor 0.8.0 - Information Disclosure
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, contro
50RISK
open
Nucleicritical
PrestaShop Responsive Mega Menu Module - Remote Code Execution
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for Pre
30RISK
open
Nucleihigh
WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Direct
50RISK
open
Nucleicritical
PrismaWEB - Credentials Disclosure
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the
30RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.