Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
4,187 exploits
Nucleimedium
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
18RISK
open
Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RISK
open
Nucleihigh
Apache Tomcat Servers - Remote Code Execution
CVE-2017-12615HIGHunder attackransomware
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RISK
open
Nucleihigh
Apache Tomcat - Remote Code Execution
CVE-2017-12617HIGHunder attack
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTT
100RISK
open
Nucleicritical
Apache Solr <= 7.1 - XML Entity Injection
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
60RISK
open
Nucleicritical
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISK
open
Nucleihigh
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
CVE-2017-12637HIGHunder attack
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Se
100RISK
open
Nucleimedium
Django Debug Page - Cross-Site Scripting
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for
23RISK
open
Nucleicritical
OpenDreambox 2.0.0 - Remote Code Execution
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote
23RISK
open
Nucleimedium
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions un
18RISK
open
Nucleimedium
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redi
18RISK
open
Nucleihigh
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISK
open
Nucleimedium
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter
50RISK
open
Nucleimedium
WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress
18RISK
open
Nucleimedium
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or
18RISK
open
Nucleimedium
WordPress < 4.8.2 - Authenticated Open Redirect
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/us
18RISK
open
Nucleihigh
Node.js <8.6.0 - Directory Traversal
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
30RISK
open
Nucleicritical
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication,
30RISK
open
Nucleimedium
Dreambox WebControl 2.0.0 - Cross-Site Scripting
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouq
38RISK
open
Nucleihigh
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used
23RISK
open
Nucleihigh
FiberHome Routers - Local File Inclusion
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a cra
43RISK
open
Nucleihigh
Apache httpd <=2.4.29 - Arbitrary File Upload
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a ma
60RISK
open
Nucleicritical
Palo Alto Network PAN-OS - Remote Code Execution
CVE-2017-15944CRITICALunder attack
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RISK
open
Nucleihigh
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory
60RISK
open
Nucleihigh
Nextjs <2.4.1 - Local File Inclusion
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to
23RISK
open
Nucleihigh
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RISK
open
Nucleimedium
WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/
18RISK
open
Nucleimedium
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via
18RISK
open
Nucleimedium
WordPress < 4.9.1 - Authenticated JavaScript File Upload
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js fi
18RISK
open
Nucleimedium
WordPress Mailster <=1.5.4 - Cross-Site Scripting
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subsc
18RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.