Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
AllExploit-DB 22,786Referência 19,896GitHub PoC 13,187VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
4,191 exploits
Nucleihigh
muhttpd <=1.1.5 - Local Inclusion
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL wi
23RISK
open ↗Nucleihigh
TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the
61RISK
open ↗Nucleicritical
RocketMQ <= 5.1.0 - Remote Code Execution
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open ↗Nucleicritical
Apache RocketMQ - Remote Command Execution
Apache RocketMQ: Possible remote code execution when using the update configuration function
85RISK
open ↗Nucleicritical
Fortinet Forticlient Endpoint Management Server - SQL Injection
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS versio
100RISK
open ↗Nucleihigh
ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandl
18RISK
open ↗Nucleicritical
Fortinet FortiSIEM - OS Command Injection
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
85RISK
open ↗Nucleihigh
Pure-FTPd < 1.0.52 - Buffer Overflow
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the
36RISK
open ↗Nucleihigh
ProFTPD ≤ 1.3.8b - Privilege Escalation via mod_sql
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of th
36RISK
open ↗Nucleicritical
Fortinet FortiSIEM - OS Command Injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
75RISK
open ↗Nucleicritical
Samba Printing Subsystem - Remote Code Execution
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISK
open ↗Nucleicritical
Rubedo CMS <=3.4.0 - Directory Traversal
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attac
50RISK
open ↗Nucleimedium
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related i
18RISK
open ↗Nucleimedium
Apache2 - Transfer-Encoding Chunked XSS
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS
18RISK
open ↗Nucleicritical
Western Digital MyCloud NAS - Authentication Bypass
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulne
40RISK
open ↗Nucleicritical
LG Supersign EZ CMS - Remote Code Execution
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISK
open ↗Nucleicritical
WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RISK
open ↗Nucleicritical
Kibana - Local File Inclusion
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with
60RISK
open ↗Nucleicritical
Joomla! JCK Editor SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
60RISK
open ↗Nucleihigh
Zoho ManageEngine OpManager - SQL Injection
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as de
30RISK
open ↗Nucleimedium
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/
18RISK
open ↗Nucleicritical
Comodo Unified Threat Management Web Console - Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISK
open ↗Nucleimedium
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_fil
23RISK
open ↗Nucleihigh
Kubernetes Dashboard <1.10.1 - Authentication Bypass
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for rea
40RISK
open ↗Nucleihigh
Centos Web Panel 0.9.8.480 - Local File Inclusion
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/
60RISK
open ↗Nucleihigh
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RISK
open ↗Nucleimedium
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 has XSS.
18RISK
open ↗Nucleimedium
DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is u
18RISK
open ↗Nucleimedium
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (
38RISK
open ↗Nucleimedium
Microstrategy Web 7 - Local File Inclusion
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subp
43RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.