Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
4,188 exploits
Nucleicritical
PHPSHE 1.7 - SQL Injection
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnera
18RISK
open
Nucleicritical
Sitecore Experience Platform - Deserialization of Untrusted Data
CVE-2019-9874CRITICALunder attack
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 an
95RISK
open
Nucleicritical
WPGraphQL 0.2.3 - User Creation
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever
50RISK
open
Nucleicritical
WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible,
50RISK
open
Nucleimedium
WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on
43RISK
open
Nucleimedium
WP Google Maps < 7.10.43 - Cross-Site Scripting
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
18RISK
open
Nucleimedium
GetSimple CMS 3.3.13 - Open Redirect
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
18RISK
open
Nucleihigh
Joomla! Harmis Messenger 1.2.2 - Local File Inclusion
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access t
33RISK
open
Nucleimedium
Zyxel - Cross-Site Scripting
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, U
43RISK
open
Nucleimedium
WordPress Social Warfare <3.5.3 - Cross-Site Scripting
CVE-2019-9978MEDIUMunder attack
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISK
open
Nucleihigh
Microsoft SQL Server Reporting Services - Remote Code Execution
CVE-2020-0618CRITICALunder attack
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RISK
open
Nucleicritical
SolarWinds Orion API - Auth Bypass
CVE-2020-10148CRITICALunder attack
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
100RISK
open
Nucleicritical
ManageEngine Desktop Central Java Deserialization
CVE-2020-10189CRITICALunder attack
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted d
100RISK
open
Nucleihigh
Sonatype Nexus Repository Manager 3 - Remote Code Execution
CVE-2020-10199HIGHunder attack
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
100RISK
open
Nucleicritical
rConfig 3.9 - SQL Injection
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISK
open
Nucleicritical
ThemeREX Addons - Remote Code Execution
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST
43RISK
open
Nucleicritical
WatchGuard Fireware AD Helper Component - Credentials Disclosure
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext password
18RISK
open
Nucleicritical
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, n
40RISK
open
Nucleicritical
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by defa
30RISK
open
Nucleicritical
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passw
30RISK
open
Nucleicritical
rConfig <=3.9.4 - SQL Injection
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' pass
30RISK
open
Nucleimedium
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using
50RISK
open
Nucleihigh
WAVLINK - Access Control
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/Ex
18RISK
open
Nucleicritical
Tenda AC15 AC1900 version 15.03.05.19 - Command Injection
CVE-2020-10987CRITICALunder attack
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary s
100RISK
open
Nucleimedium
GLPI <9.4.6 - Open Redirect
bypass of manageRedirect in GLPI
28RISK
open
Nucleimedium
Grafana <= 6.7.1 - Cross-Site Scripting
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an a
18RISK
open
Nucleimedium
phpMyAdmin 5.0.2 - CRLF Injection
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF s
18RISK
open
Nucleihigh
MicroStrategy Web 10.4 - Information Disclosure
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information throu
23RISK
open
Nucleicritical
LimeSurvey 4.1.11 - Local File Inclusion
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM
60RISK
open
Nucleicritical
Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPres
18RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.