Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
4,191 exploits
Nucleihigh
muhttpd <=1.1.5 - Local Inclusion
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL wi
23RISK
open
Nucleihigh
TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the
61RISK
open
Nucleicritical
RocketMQ <= 5.1.0 - Remote Code Execution
CVE-2023-33246CRITICALunder attack
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISK
open
Nucleicritical
Apache RocketMQ - Remote Command Execution
Apache RocketMQ: Possible remote code execution when using the update configuration function
85RISK
open
Nucleicritical
Fortinet Forticlient Endpoint Management Server - SQL Injection
CVE-2023-48788CRITICALunder attackransomware
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS versio
100RISK
open
Nucleihigh
ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandl
18RISK
open
Nucleicritical
Fortinet FortiSIEM - OS Command Injection
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
85RISK
open
Nucleihigh
Pure-FTPd < 1.0.52 - Buffer Overflow
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the
36RISK
open
Nucleihigh
ProFTPD ≤ 1.3.8b - Privilege Escalation via mod_sql
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of th
36RISK
open
Nucleicritical
Fortinet FortiSIEM - OS Command Injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
75RISK
open
Nucleicritical
Samba Printing Subsystem - Remote Code Execution
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISK
open
Nucleicritical
Rubedo CMS <=3.4.0 - Directory Traversal
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attac
50RISK
open
Nucleimedium
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related i
18RISK
open
Nucleimedium
Apache2 - Transfer-Encoding Chunked XSS
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS
18RISK
open
Nucleicritical
Western Digital MyCloud NAS - Authentication Bypass
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulne
40RISK
open
Nucleicritical
LG Supersign EZ CMS - Remote Code Execution
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISK
open
Nucleicritical
WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RISK
open
Nucleicritical
Kibana - Local File Inclusion
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with
60RISK
open
Nucleicritical
Joomla! JCK Editor SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
60RISK
open
Nucleihigh
Zoho ManageEngine OpManager - SQL Injection
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as de
30RISK
open
Nucleimedium
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/
18RISK
open
Nucleicritical
Comodo Unified Threat Management Web Console - Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISK
open
Nucleimedium
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_fil
23RISK
open
Nucleihigh
Kubernetes Dashboard <1.10.1 - Authentication Bypass
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for rea
40RISK
open
Nucleihigh
Centos Web Panel 0.9.8.480 - Local File Inclusion
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/
60RISK
open
Nucleihigh
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
CVE-2018-18325HIGHunder attack
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RISK
open
Nucleimedium
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 has XSS.
18RISK
open
Nucleimedium
DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is u
18RISK
open
Nucleimedium
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (
38RISK
open
Nucleimedium
Microstrategy Web 7 - Local File Inclusion
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subp
43RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.