Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
4,187 exploits
Nucleihigh
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
CVE-2010-2861CRITICALunder attackransomware
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow re
100RISK
open
Nucleihigh
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component
43RISK
open
Nucleimedium
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allow
38RISK
open
Nucleimedium
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read
38RISK
open
Nucleihigh
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remo
43RISK
open
Nucleihigh
Camtron CMNC-200 IP Camera - Directory Traversal
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera an
38RISK
open
Nucleicritical
Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
23RISK
open
Nucleihigh
Pandora Fms < 3.1.1 - Directory Traversal
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute a
43RISK
open
Nucleimedium
Joomla! Component JotLoader 2.2.1 - Local File Inclusion
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers t
38RISK
open
Nucleihigh
Joomla! Component JRadio - Local File Inclusion
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to r
43RISK
open
Nucleihigh
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read a
38RISK
open
Nucleihigh
Joomla! Component Canteen 1.0 - Local File Inclusion
SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers t
43RISK
open
Nucleihigh
Joomla! Component JE Job 1.0 - Local File Inclusion
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to e
38RISK
open
Nucleimedium
MODx manager - Local File Inclusion
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possi
43RISK
open
Nucleicritical
Joomla! Component Jstore - 'Controller' Local File Inclusion
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary
43RISK
open
Nucleimedium
Majordomo2 - SMTP/HTTP Directory Traversal
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allo
60RISK
open
Nucleicritical
LotusCMS 3.0 - Remote Code Execution
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allo
43RISK
open
Nucleimedium
WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote a
43RISK
open
Nucleimedium
Chyrp 2.x - Local File Inclusion
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary loca
38RISK
open
Nucleimedium
Chyrp 2.x - Local File Inclusion
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitr
43RISK
open
Nucleihigh
Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x befor
43RISK
open
Nucleihigh
Apache OFBiz - XML External Entity Injection
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing
23RISK
open
Nucleimedium
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
38RISK
open
Nucleimedium
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress a
43RISK
open
Nucleimedium
GRAND FlAGallery 1.57 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.5
18RISK
open
Nucleimedium
WebTitan < 3.60 - Local File Inclusion
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to r
38RISK
open
Nucleimedium
Joomla! Component com_kp - 'Controller' Local File Inclusion
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attack
43RISK
open
Nucleimedium
Adminimize 1.7.22 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for Wo
43RISK
open
Nucleimedium
WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordP
43RISK
open
Nucleimedium
Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier,
38RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.