Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
WordPress Loginizer log SQLi Scanner
CVE-2020-2761521 out 2020
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_fa
30RISCO
abrir
Metasploit600
NSClient++ 0.5.2.35 - Privilege escalation
CVE-2025-34078HIGH20 out 2020
NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
36RISCO
abrir
Metasploit600
NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution
CVE-2025-34079HIGH20 out 2020
NSClient++ Authenticated Remote Code Execution via ExternalScripts API
36RISCO
abrir
Metasploit300
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
CVE-2020-14871CRITICALsob ataque20 out 2020
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISCO
abrir
Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
CVE-2020-14883HIGHsob ataque20 out 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir
Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
CVE-2020-14882CRITICALsob ataque20 out 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir
Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
CVE-2020-14750CRITICALsob ataque20 out 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir
Metasploit600
Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection
CVE-2020-579220 out 2020
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user
30RISCO
abrir
Metasploit600
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
CVE-2020-579120 out 2020
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir
Metasploit600
Microsoft SharePoint Server-Side Include and ViewState RCE
CVE-2020-16952HIGH13 out 2020
Microsoft SharePoint Remote Code Execution Vulnerability
58RISCO
abrir
Metasploit600
Gogs Git Hooks Remote Code Execution
CVE-2020-1586707 out 2020
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privile
40RISCO
abrir
Metasploit600
Gitea Git Hooks Remote Code Execution
CVE-2020-1414407 out 2020
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer envir
40RISCO
abrir
Metasploit300
SAP Solution Manager remote unauthorized OS commands execution
CVE-2020-6207CRITICALsob ataque03 out 2020
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RISCO
abrir
Metasploit300
SAP Solution Manager remote unauthorized OS commands execution
CVE-2020-6207CRITICALsob ataque03 out 2020
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RISCO
abrir
Metasploit600
OpenMediaVault rpc.php Authenticated PHP Code Injection
CVE-2020-2612428 set 2020
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield PO
30RISCO
abrir
Metasploit600
FlexDotnetCMS Arbitrary ASP File Upload
CVE-2020-2738628 set 2020
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and e
40RISCO
abrir
Metasploit600
HorizontCMS Arbitrary PHP File Upload
CVE-2020-2738724 set 2020
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access
23RISCO
abrir
Metasploit600
Micro Focus Operations Bridge Reporter shrboadmin default password
CVE-2020-1185721 set 2020
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
23RISCO
abrir
Metasploit600
Sophos UTM WebAdmin SID Command Injection
CVE-2020-25223CRITICALsob ataque18 set 2020
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RISCO
abrir
Metasploit600
Apache Struts 2 Forced Multi OGNL Evaluation
CVE-2019-023014 set 2020
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir
Metasploit600
Apache Struts 2 Forced Multi OGNL Evaluation
CVE-2020-17530CRITICALsob ataque14 set 2020
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISCO
abrir
Metasploit600
MobileIron MDM Hessian-Based Java Deserialization RCE
CVE-2020-15505CRITICALsob ataque12 set 2020
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
100RISCO
abrir
Metasploit300
WordPress File Manager Unauthenticated Remote Code Execution
CVE-2020-25213CRITICALsob ataque09 set 2020
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir
Metasploit600
Palo Alto Networks Authenticated Remote Code Execution
CVE-2020-2038HIGH09 set 2020
PAN-OS: OS command injection vulnerability in the management web interface
78RISCO
abrir
Metasploit600
MaraCMS Arbitrary PHP File Upload
CVE-2020-2504231 ago 2020
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authentic
23RISCO
abrir
Metasploit300
Jira Users Enumeration
CVE-2020-1418116 ago 2020
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
60RISCO
abrir
Metasploit600
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
CVE-2020-1750509 ago 2020
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter i
40RISCO
abrir
Metasploit600
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
CVE-2020-1750609 ago 2020
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RISCO
abrir
Metasploit600
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
CVE-2020-17496CRITICALsob ataque09 ago 2020
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbe
100RISCO
abrir
Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
CVE-2020-3433HIGHsob ataqueransomware05 ago 2020
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
91RISCO
abrir
anteriorpágina 25 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.