Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Apache Flink JobManager Traversal
CVE-2020-17519CRITICALunder attack05 Jan 2021
Apache Flink directory traversal attack: reading remote files through the REST API
100RISK
open
Metasploit600
Klog Server authenticate.php user Unauthenticated Command Injection
CVE-2020-3572927 Dec 2020
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open
Metasploit600
Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection
CVE-2020-3557819 Dec 2020
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RISK
open
Metasploit600
HPE Systems Insight Manager AMF Deserialization RCE
CVE-2020-720015 Dec 2020
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerabili
40RISK
open
Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
CVE-2020-3566512 Dec 2020
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISK
open
Metasploit300
WordPress Total Upkeep Unauthenticated Backup Downloader
CVE-2020-36848HIGH12 Dec 2020
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
36RISK
open
Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
CVE-2020-2818812 Dec 2020
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inje
40RISK
open
Metasploit600
APISIX Admin API default access token RCE
CVE-2022-24112CRITICALunder attack07 Dec 2020
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISK
open
Metasploit600
APISIX Admin API default access token RCE
CVE-2020-1394507 Dec 2020
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the
40RISK
open
Metasploit300
WordPress Easy WP SMTP Password Reset
CVE-2020-3523406 Dec 2020
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RISK
open
Metasploit300
KOFFEE - Kia OFFensivE Exploit
CVE-2020-853902 Dec 2020
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an atta
18RISK
open
Metasploit600
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
CVE-2020-724621 Nov 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISK
open
Metasploit0
Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase
CVE-2020-1604019 Nov 2020
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RISK
open
Metasploit600
OpenTSDB 2.4.0 unauthenticated command injection
CVE-2020-3547618 Nov 2020
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RISK
open
Metasploit0
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
CVE-2020-2695018 Nov 2020
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable
30RISK
open
Metasploit600
PEAR Archive_Tar 1.4.10 Arbitrary File Write
CVE-2020-28949HIGHunder attack17 Nov 2020
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RISK
open
Metasploit600
Monitorr unauthenticated Remote Code Execution (RCE)
CVE-2020-2887116 Nov 2020
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the s
40RISK
open
Metasploit600
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
CVE-2020-36849CRITICAL14 Nov 2020
AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
43RISK
open
Metasploit600
Acronis TrueImage XPC Privilege Escalation
CVE-2020-2573611 Nov 2020
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC
18RISK
open
Metasploit300
Abandoned Cart for WooCommerce SQLi Scanner
CVE-2025-47608CRITICAL05 Nov 2020
WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability
43RISK
open
Metasploit600
Git Remote Code Execution via git-lfs (CVE-2020-27955)
CVE-2020-2795504 Nov 2020
Git LFS 2.12.0 allows Remote Code Execution.
40RISK
open
Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
CVE-2020-2559203 Nov 2020
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authent
30RISK
open
Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
CVE-2020-16846CRITICALunder attack03 Nov 2020
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH clien
100RISK
open
Metasploit600
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
CVE-2020-7384HIGH29 Oct 2020
Client-Side Command Injection in Rapid7 Metasploit
68RISK
open
Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
CVE-2020-11853HIGH28 Oct 2020
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISK
open
Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
CVE-2020-1185528 Oct 2020
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
18RISK
open
Metasploit600
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
CVE-2020-11853HIGH28 Oct 2020
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISK
open
Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
CVE-2020-11858HIGH28 Oct 2020
Code execution with escalated privilegesn vlnerability in Operation bridge Manager and Operations Bridge (containerized) products.
36RISK
open
Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
CVE-2020-11854CRITICAL28 Oct 2020
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RISK
open
Metasploit600
Pulse Secure VPN gzip RCE
CVE-2020-8260HIGHunder attack26 Oct 2020
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.