Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
4,190 exploits
Nucleimedium
Drupal 7 CKEditor XSS
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1
18RISK
open ↗Nucleimedium
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an appl
18RISK
open ↗Nucleimedium
Accela Civic Platform <=21.1 - Cross-Site Scripting
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The
43RISK
open ↗Nucleicritical
Chamilo model.ajax.php - SQL Injection
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 p
23RISK
open ↗Nucleimedium
Accela Civic Platform <=21.1 - Cross-Site Scripting
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are
38RISK
open ↗Nucleicritical
Eclipse BIRT Viewer - Remote Code Execution
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessibl
50RISK
open ↗Nucleimedium
Eclipse Jetty - Information Disclosure
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RISK
open ↗Nucleicritical
Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Nucleicritical
WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
75RISK
open ↗Nucleicritical
WordPress ProfilePress <= 3.1.3 - Privilege Escalation
ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation
43RISK
open ↗Nucleicritical
WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload
ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
43RISK
open ↗Nucleimedium
GTranslate < 2.8.65 - Cross-Site Scripting
Reflected XSS in GTranslate Pro and GTranslate Enterprise < 2.8.65
28RISK
open ↗Nucleimedium
WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting
28RISK
open ↗Nucleimedium
WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
Skaut bazar <= 1.3.2 Reflected Cross-Site Scripting
28RISK
open ↗Nucleihigh
FAUST iServer 9.0.018.018.4 - Local File Inclusion
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau
23RISK
open ↗Nucleicritical
Kramer VIAware - Privilege Escalation and Remote Code Execution
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits runn
60RISK
open ↗Nucleihigh
SolarWinds Serv-U 15.3 - Directory Traversal
Directory Transversal Vulnerability in Serv-U 15.3
61RISK
open ↗Nucleimedium
MaxSite CMS > V106 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attacke
18RISK
open ↗Nucleimedium
Bludit 3.13.1 - Cross Site Scripting
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
38RISK
open ↗Nucleicritical
Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web A
23RISK
open ↗Nucleihigh
TermTalk Server 3.24.0.2 - Local File Inclusion
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthe
50RISK
open ↗Nucleicritical
RealTek Jungle SDK - Arbitrary Command Injection
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be u
95RISK
open ↗Nucleicritical
ForgeRock OpenAM <7.0 - Remote Code Execution
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pa
100RISK
open ↗Nucleimedium
Thruk 2.40-2 - Cross-Site Scripting
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title paramete
18RISK
open ↗Nucleicritical
Oracle Access Manager - Remote Code Execution
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported ver
95RISK
open ↗Nucleihigh
Motorola Baby Monitors - Remote Command Execution
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras tha
48RISK
open ↗Nucleicritical
Hikvision IP camera/NVR - Remote Command Execution
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISK
open ↗Nucleicritical
Kramer VIAware - Remote Code Execution
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePa
50RISK
open ↗Nucleicritical
Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dns
95RISK
open ↗Nucleimedium
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
30RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.