Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Apache Flink JobManager Traversal
CVE-2020-17519CRITICALsob ataque05 jan 2021
Apache Flink directory traversal attack: reading remote files through the REST API
100RISCO
abrir
Metasploit600
Klog Server authenticate.php user Unauthenticated Command Injection
CVE-2020-3572927 dez 2020
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISCO
abrir
Metasploit600
Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection
CVE-2020-3557819 dez 2020
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RISCO
abrir
Metasploit600
HPE Systems Insight Manager AMF Deserialization RCE
CVE-2020-720015 dez 2020
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerabili
40RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
CVE-2020-3566512 dez 2020
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISCO
abrir
Metasploit300
WordPress Total Upkeep Unauthenticated Backup Downloader
CVE-2020-36848HIGH12 dez 2020
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
36RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
CVE-2020-2818812 dez 2020
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inje
40RISCO
abrir
Metasploit600
APISIX Admin API default access token RCE
CVE-2022-24112CRITICALsob ataque07 dez 2020
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISCO
abrir
Metasploit600
APISIX Admin API default access token RCE
CVE-2020-1394507 dez 2020
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the
40RISCO
abrir
Metasploit300
WordPress Easy WP SMTP Password Reset
CVE-2020-3523406 dez 2020
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RISCO
abrir
Metasploit300
KOFFEE - Kia OFFensivE Exploit
CVE-2020-853902 dez 2020
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an atta
18RISCO
abrir
Metasploit600
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
CVE-2020-724621 nov 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir
Metasploit0
Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase
CVE-2020-1604019 nov 2020
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RISCO
abrir
Metasploit600
OpenTSDB 2.4.0 unauthenticated command injection
CVE-2020-3547618 nov 2020
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RISCO
abrir
Metasploit0
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
CVE-2020-2695018 nov 2020
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable
30RISCO
abrir
Metasploit600
PEAR Archive_Tar 1.4.10 Arbitrary File Write
CVE-2020-28949HIGHsob ataque17 nov 2020
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RISCO
abrir
Metasploit600
Monitorr unauthenticated Remote Code Execution (RCE)
CVE-2020-2887116 nov 2020
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the s
40RISCO
abrir
Metasploit600
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
CVE-2020-36849CRITICAL14 nov 2020
AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
43RISCO
abrir
Metasploit600
Acronis TrueImage XPC Privilege Escalation
CVE-2020-2573611 nov 2020
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC
18RISCO
abrir
Metasploit300
Abandoned Cart for WooCommerce SQLi Scanner
CVE-2025-47608CRITICAL05 nov 2020
WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability
43RISCO
abrir
Metasploit600
Git Remote Code Execution via git-lfs (CVE-2020-27955)
CVE-2020-2795504 nov 2020
Git LFS 2.12.0 allows Remote Code Execution.
40RISCO
abrir
Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
CVE-2020-2559203 nov 2020
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authent
30RISCO
abrir
Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
CVE-2020-16846CRITICALsob ataque03 nov 2020
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH clien
100RISCO
abrir
Metasploit600
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
CVE-2020-7384HIGH29 out 2020
Client-Side Command Injection in Rapid7 Metasploit
68RISCO
abrir
Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
CVE-2020-11853HIGH28 out 2020
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISCO
abrir
Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
CVE-2020-1185528 out 2020
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
18RISCO
abrir
Metasploit600
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
CVE-2020-11853HIGH28 out 2020
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISCO
abrir
Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
CVE-2020-11858HIGH28 out 2020
Code execution with escalated privilegesn vlnerability in Operation bridge Manager and Operations Bridge (containerized) products.
36RISCO
abrir
Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
CVE-2020-11854CRITICAL28 out 2020
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RISCO
abrir
Metasploit600
Pulse Secure VPN gzip RCE
CVE-2020-8260HIGHsob ataque26 out 2020
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISCO
abrir
anteriorpágina 24 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.