Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.063exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Pandora FMS Events Remote Command Execution
CVE-2020-1385104 jun 2020
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
40RISCO
abrir
Metasploit600
Cayin CMS NTP Server RCE
CVE-2020-7357CRITICAL04 jun 2020
Cayin CMS Command Injection
55RISCO
abrir
Metasploit300
Cisco 7937G Denial-of-Service Reboot Attack
CVE-2020-1613902 jun 2020
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the de
40RISCO
abrir
Metasploit300
Cisco 7937G Denial-of-Service Attack
CVE-2020-1613802 jun 2020
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remot
23RISCO
abrir
Metasploit300
Cisco 7937G SSH Privilege Escalation
CVE-2020-1613702 jun 2020
A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to re
23RISCO
abrir
Metasploit300
Directory Traversal in Spring Cloud Config Server
CVE-2020-5410HIGHsob ataque01 jun 2020
Directory Traversal with spring-cloud-config-server
100RISCO
abrir
Metasploit300
Cisco DCNM auth bypass
CVE-2019-15975CRITICAL01 jun 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RISCO
abrir
Metasploit300
Documalis Free PDF Editor and Scanner JPEG Stack Buffer Overflow
CVE-2020-7374MEDIUM22 mai 2020
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
28RISCO
abrir
Metasploit600
Geutebruck testaction.cgi Remote Command Execution
CVE-2020-1620520 mai 2020
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code
30RISCO
abrir
Metasploit300
BIND TSIG Badtime Query Denial of Service
CVE-2020-8617HIGH19 mai 2020
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
78RISCO
abrir
Metasploit600
LinuxKI Toolset 6.01 Remote Command Execution
CVE-2020-720917 mai 2020
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
60RISCO
abrir
Metasploit600
Plesk/myLittleAdmin ViewState .NET Deserialization
CVE-2020-1316615 mai 2020
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcod
60RISCO
abrir
Metasploit300
WordPress ChopSlider3 id SQLi Scanner
CVE-2020-1153012 mai 2020
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RISCO
abrir
Metasploit600
Wordpress Drag and Drop Multi File Uploader RCE
CVE-2020-1280011 mai 2020
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RISCO
abrir
Metasploit600
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
CVE-2020-1110810 mai 2020
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir
Metasploit300
Plex Unpickle Dict Windows RCE
CVE-2020-5741HIGHsob ataque07 mai 2020
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arb
100RISCO
abrir
Metasploit500
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
CVE-2025-34086HIGH07 mai 2020
Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
36RISCO
abrir
Metasploit300
WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp
CVE-2020-2883CRITICALsob ataque30 abr 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions th
100RISCO
abrir
Metasploit300
SaltStack Salt Master Server Root Key Disclosure
CVE-2020-11651CRITICALsob ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
Metasploit300
SaltStack Salt Master Server Root Key Disclosure
CVE-2020-11652MEDIUMsob ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
Metasploit500
SaltStack Salt Master/Minion Unauthenticated RCE
CVE-2020-11652MEDIUMsob ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
Metasploit500
SaltStack Salt Master/Minion Unauthenticated RCE
CVE-2020-11651CRITICALsob ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
Metasploit300
Wordpress LearnPress current_items Authenticated SQLi
CVE-2020-601029 abr 2020
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RISCO
abrir
Metasploit600
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CVE-2020-1210929 abr 2020
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220
40RISCO
abrir
Metasploit600
Netsweeper WebAdmin unixlogin.php Python Code Injection
CVE-2020-1316728 abr 2020
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain
40RISCO
abrir
Metasploit600
TrixBox CE endpoint_devicemap.php Authenticated Command Execution
CVE-2020-7351HIGH28 abr 2020
Fonality Trixbox CE Post-Authentication Command Injection
48RISCO
abrir
Metasploit600
GOG GalaxyClientService Privilege Escalation
CVE-2020-7352HIGH28 abr 2020
GOG Galaxy GalaxyClientService Privilege Escalation
36RISCO
abrir
Metasploit400
WordPress Simple File List Unauthenticated Remote Code Execution
CVE-2020-36847CRITICAL27 abr 2020
Simple File List < 4.2.3 - Remote Code Execution
68RISCO
abrir
Metasploit300
IBM Data Risk Manager Arbitrary File Download
CVE-2020-4429CRITICAL21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RISCO
abrir
Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
CVE-2020-4427CRITICALsob ataque21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RISCO
abrir
anteriorpágina 27 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.