Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,063cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
4,188 exploits
Nucleihigh
OpenEMR <5.0.2 - Local File Inclusion
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can
50RISK
open ↗Nucleimedium
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
43RISK
open ↗Nucleimedium
osTicket < 1.12.1 - Cross-Site Scripting
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It w
43RISK
open ↗Nucleimedium
Custom 404 Pro < 3.2.8 - Cross-Site Scripting
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.
18RISK
open ↗Nucleimedium
WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
18RISK
open ↗Nucleimedium
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
50RISK
open ↗Nucleihigh
Grafana - Improper Access Control
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run
30RISK
open ↗Nucleicritical
Webmin <= 1.920 - Unauthenticated Remote Command Execution
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISK
open ↗Nucleimedium
L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
38RISK
open ↗Nucleihigh
Webmin < 1.920 - Authenticated Remote Code Execution
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise
50RISK
open ↗Nucleimedium
WordPress My Calendar <= 3.1.9 - Cross-Site Scripting
The my-calendar plugin before 3.1.10 for WordPress has XSS.
18RISK
open ↗Nucleimedium
ND Booking < 2.5 - Unauthenticated Options Change
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting
18RISK
open ↗Nucleimedium
DomainMOD <=4.13.0 - Cross-Site Scripting
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
38RISK
open ↗Nucleihigh
WPS Hide Login <= 1.5.2.2 - Login Page Bypass
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
18RISK
open ↗Nucleimedium
Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.
18RISK
open ↗Nucleihigh
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthentica
23RISK
open ↗Nucleicritical
Socomec DIRIS A-40 Devices Password Disclosure
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get f
30RISK
open ↗Nucleimedium
WordPress Download Manager <2.9.94 - Cross-Site Scripting
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by t
53RISK
open ↗Nucleicritical
D-Link DNS-320 - Remote Code Execution
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
95RISK
open ↗Nucleicritical
Enigma NMS < 65.0.0 - Authenticated OS Command Injection
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows
43RISK
open ↗Nucleimedium
Harbor <=1.82.0 - Privilege Escalation
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users A
23RISK
open ↗Nucleihigh
PilusCart <=1.4.1 - Local File Inclusion
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File D
23RISK
open ↗Nucleicritical
nostromo 1.9.6 - Remote Code Execution
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISK
open ↗Nucleihigh
ifw8 Router ROM v4.31 - Credential Discovery
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
30RISK
open ↗Nucleimedium
WordPress API Bearer Auth <20190907 - Cross-Site Scripting
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagg
18RISK
open ↗Nucleihigh
Adobe Experience Manager - Expression Language Injection
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability.
23RISK
open ↗Nucleimedium
WordPress Checklist <1.1.9 - Cross-Site Scripting
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filt
18RISK
open ↗Nucleihigh
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISK
open ↗Nucleicritical
rConfig 3.9.2 - Remote Code Execution
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISK
open ↗Nucleicritical
vBulletin 5.0.0-5.5.4 - Remote Command Execution
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.