Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
4,187 exploits
Nucleimedium
Skysa App Bar 1.04 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly befor
38RISK
open ↗Nucleimedium
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress
43RISK
open ↗Nucleimedium
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.
43RISK
open ↗Nucleimedium
Featurific For WordPress 1.6.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress
38RISK
open ↗Nucleimedium
Apache Struts2 S2-008 RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RISK
open ↗Nucleimedium
Apache Struts <2.3.1.1 - Remote Code Execution
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RISK
open ↗Nucleimedium
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remo
43RISK
open ↗Nucleimedium
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows r
38RISK
open ↗Nucleimedium
phpShowtime 2.0 - Directory Traversal
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image fil
43RISK
open ↗Nucleilow
OpenEMR 4.1 - Local File Inclusion
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files v
43RISK
open ↗Nucleimedium
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary f
38RISK
open ↗Nucleihigh
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting
36RISK
open ↗Nucleihigh
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files
43RISK
open ↗Nucleihigh
PHP CGI v5.3.12/5.4.2 Remote Code Execution
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISK
open ↗Nucleimedium
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress al
38RISK
open ↗Nucleimedium
WP-FaceThumb 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attacke
43RISK
open ↗Nucleimedium
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISK
open ↗Nucleimedium
WebsitePanel before v1.2.2.1 - Open Redirect
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users t
38RISK
open ↗Nucleimedium
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to in
38RISK
open ↗Nucleimedium
MySQLDumper 1.24.4 - Directory Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a
38RISK
open ↗Nucleimedium
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for Wor
18RISK
open ↗Nucleimedium
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
18RISK
open ↗Nucleimedium
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attac
43RISK
open ↗Nucleimedium
FlatnuX CMS - Directory Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to r
38RISK
open ↗Nucleimedium
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inje
38RISK
open ↗Nucleimedium
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RISK
open ↗Nucleimedium
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to
38RISK
open ↗Nucleimedium
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frame
43RISK
open ↗Nucleimedium
WordPress Integrator 1.32 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allo
38RISK
open ↗Nucleimedium
WordPress Plugin Age Verification v0.4 - Open Redirect
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows
43RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.