Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
4,187 exploits
Nucleihigh
Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
50RISK
open
Nucleicritical
Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
60RISK
open
Nucleicritical
Etherpad Lite <1.6.4 - Admin Authentication Bypass
Etherpad Lite before 1.6.4 is exploitable for admin access.
23RISK
open
Nucleicritical
TBK DVR4104/DVR4216 Devices - Authentication Bypass
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR L
60RISK
open
Nucleicritical
ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/con
18RISK
open
Nucleicritical
Apache Solr - Deserialization of Untrusted Data
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP
60RISK
open
Nucleihigh
Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
CVE-2019-0193HIGHunder attack
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources,
100RISK
open
Nucleimedium
Apache Tomcat - Cross-Site Scripting
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided
50RISK
open
Nucleicritical
Apache Struts <=2.5.20 - Remote Code Execution
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISK
open
Nucleihigh
Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open
Nucleihigh
Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISK
open
Nucleicritical
Kentico CMS Insecure Deserialization Remote Code Execution
CVE-2019-10068CRITICALunder attack
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISK
open
Nucleimedium
Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page
60RISK
open
Nucleimedium
Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential m
60RISK
open
Nucleimedium
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to ex
18RISK
open
Nucleimedium
Babel - Open Redirect
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is sup
18RISK
open
Nucleicritical
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
23RISK
open
Nucleimedium
Jenkins <=2.196 - Cookie Exposure
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/
30RISK
open
Nucleimedium
Jenkins build-metrics 1.3 - Cross-Site Scripting
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML
50RISK
open
Nucleicritical
WordPress Google Maps <7.11.18 - SQL Injection
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize
40RISK
open
Nucleihigh
BlogEngine.NET 3.3.7.0 - Local File Inclusion
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
18RISK
open
Nucleicritical
mongo-express Remote Code Execution
CVE-2019-10758CRITICALunder attack
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse
100RISK
open
Nucleimedium
Nimble Streamer <=3.5.4-9 - Local File Inclusion
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow
43RISK
open
Nucleihigh
Debug Endpoint pprof - Exposure Detection
Kubernetes kubelet exposes /debug/pprof info on healthz port
40RISK
open
Nucleihigh
Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
41RISK
open
Nucleimedium
Carel pCOWeb <B1.2.4 - Cross-Site Scripting
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" f
38RISK
open
Nucleimedium
Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on t
28RISK
open
Nucleicritical
Pulse Connect Secure SSL VPN Arbitrary File Read
CVE-2019-11510CRITICALunder attackransomware
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RISK
open
Nucleicritical
Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
CVE-2019-11580CRITICALunder attackransomware
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attac
100RISK
open
Nucleicritical
Atlassian Jira Server-Side Template Injection
CVE-2019-11581CRITICALunder attack
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators an
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.