Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
4,187 exploits
Nucleimedium
Skysa App Bar 1.04 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly befor
38RISK
open
Nucleimedium
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress
43RISK
open
Nucleimedium
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.
43RISK
open
Nucleimedium
Featurific For WordPress 1.6.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress
38RISK
open
Nucleimedium
Apache Struts2 S2-008 RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RISK
open
Nucleimedium
Apache Struts <2.3.1.1 - Remote Code Execution
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RISK
open
Nucleimedium
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remo
43RISK
open
Nucleimedium
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows r
38RISK
open
Nucleimedium
phpShowtime 2.0 - Directory Traversal
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image fil
43RISK
open
Nucleilow
OpenEMR 4.1 - Local File Inclusion
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files v
43RISK
open
Nucleimedium
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary f
38RISK
open
Nucleihigh
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting
36RISK
open
Nucleihigh
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files
43RISK
open
Nucleihigh
PHP CGI v5.3.12/5.4.2 Remote Code Execution
CVE-2012-1823CRITICALunder attack
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISK
open
Nucleimedium
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress al
38RISK
open
Nucleimedium
WP-FaceThumb 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attacke
43RISK
open
Nucleimedium
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISK
open
Nucleimedium
WebsitePanel before v1.2.2.1 - Open Redirect
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users t
38RISK
open
Nucleimedium
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to in
38RISK
open
Nucleimedium
MySQLDumper 1.24.4 - Directory Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a
38RISK
open
Nucleimedium
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for Wor
18RISK
open
Nucleimedium
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
18RISK
open
Nucleimedium
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attac
43RISK
open
Nucleimedium
FlatnuX CMS - Directory Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to r
38RISK
open
Nucleimedium
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inje
38RISK
open
Nucleimedium
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RISK
open
Nucleimedium
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to
38RISK
open
Nucleimedium
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frame
43RISK
open
Nucleimedium
WordPress Integrator 1.32 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allo
38RISK
open
Nucleimedium
WordPress Plugin Age Verification v0.4 - Open Redirect
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows
43RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.