Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Vesta Control Panel Authenticated Remote Code Execution
CVE-2020-1080817 Mar 2020
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint.
40RISK
open
Metasploit400
SMBv3 Compression Buffer Overflow
CVE-2020-0796CRITICALunder attackransomware13 Mar 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open
Metasploit200
SMBv3 Compression Buffer Overflow
CVE-2020-0796CRITICALunder attackransomware13 Mar 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open
Metasploit300
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
CVE-2020-1272012 Mar 2020
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RISK
open
Metasploit0
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
CVE-2020-1272012 Mar 2020
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RISK
open
Metasploit400
Rconfig 3.x Chained Remote Code Execution
CVE-2019-1950911 Mar 2020
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RISK
open
Metasploit400
Rconfig 3.x Chained Remote Code Execution
CVE-2020-1022011 Mar 2020
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISK
open
Metasploit300
CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP
CVE-2020-17136HIGH10 Mar 2020
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RISK
open
Metasploit600
Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability
CVE-2020-0787HIGHunder attackransomware10 Mar 2020
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl
98RISK
open
Metasploit600
Pandora FMS Ping Authenticated Remote Code Execution
CVE-2025-34088HIGH09 Mar 2020
Pandora FMS Authenticated Remote Code Execution via Ping Module
36RISK
open
Metasploit500
ManageEngine Desktop Central Java Deserialization
CVE-2020-10189CRITICALunder attack05 Mar 2020
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted d
100RISK
open
Metasploit600
Metasploit Libnotify Plugin Arbitrary Command Execution
CVE-2020-7350MEDIUM04 Mar 2020
Metasploit Framework Plugin Libnotify Command Injection
28RISK
open
Metasploit600
SharePoint Workflows XOML Injection
CVE-2020-0646CRITICALunder attack02 Mar 2020
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.N
100RISK
open
Metasploit600
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
CVE-2019-399925 Feb 2020
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, u
38RISK
open
Metasploit600
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
CVE-2020-575225 Feb 2020
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RISK
open
Metasploit200
OpenSMTPD OOB Read Local Privilege Escalation
CVE-2020-879424 Feb 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISK
open
Metasploit600
WordPress wpDiscuz Unauthenticated File Upload Vulnerability
CVE-2020-24186CRITICAL21 Feb 2020
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo
85RISK
open
Metasploit300
Apache Tomcat AJP File Read
CVE-2020-1938CRITICALunder attack20 Feb 2020
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
Metasploit300
Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation
CVE-2020-1054HIGHunder attack20 Feb 2020
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
98RISK
open
Metasploit300
WordPress Duplicator File Read Vulnerability
CVE-2020-11738HIGHunder attack19 Feb 2020
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISK
open
Metasploit0
Google Chrome 80 JSCreate side-effect type confusion exploit
CVE-2020-6418HIGHunder attack19 Feb 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corru
100RISK
open
Metasploit600
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
CVE-2020-1615217 Feb 2020
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0
30RISK
open
Metasploit600
Service Tracing Privilege Elevation Vulnerability
CVE-2020-066811 Feb 2020
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window
23RISK
open
Metasploit600
Exchange Control Panel ViewState Deserialization
CVE-2020-0688HIGHunder attackransomware11 Feb 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISK
open
Metasploit600
SQL Server Reporting Services (SSRS) ViewState Deserialization
CVE-2020-0618CRITICALunder attack11 Feb 2020
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RISK
open
Metasploit600
Unraid 6.8.0 Auth Bypass PHP Code Execution
CVE-2020-5849HIGHunder attack10 Feb 2020
Unraid 6.8.0 allows authentication bypass.
100RISK
open
Metasploit600
Unraid 6.8.0 Auth Bypass PHP Code Execution
CVE-2020-5847CRITICALunder attack10 Feb 2020
Unraid through 6.8.0 allows Remote Code Execution.
100RISK
open
Metasploit600
Horde CSV import arbitrary PHP code execution
CVE-2020-851807 Feb 2020
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execu
60RISK
open
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-865406 Feb 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISK
open
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-8655HIGHunder attack06 Feb 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.