Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
CVE-2020-3433HIGHunder attackransomware05 Aug 2020
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
91RISK
open
Metasploit500
Aerospike Database UDF Lua Code Execution
CVE-2020-1315131 Jul 2020
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISK
open
Metasploit600
Mida Solutions eFramework ajaxreq.php Command Injection
CVE-2020-1592024 Jul 2020
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISK
open
Metasploit400
Moodle Teacher Enrollment Privilege Escalation to RCE
CVE-2020-1432120 Jul 2020
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role wi
23RISK
open
Metasploit600
SharePoint DataSet / DataTable Deserialization
CVE-2020-1147HIGHunder attack14 Jul 2020
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RISK
open
Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
CVE-2020-11978HIGHunder attack14 Jul 2020
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RISK
open
Metasploit300
SAP Unauthenticated WebService User Creation
CVE-2020-6287CRITICALunder attack14 Jul 2020
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication c
100RISK
open
Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
CVE-2020-13927CRITICALunder attack14 Jul 2020
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but th
100RISK
open
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2023-5146713 Jul 2020
Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
60RISK
open
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2020-949613 Jul 2020
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RISK
open
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2023-4907013 Jul 2020
Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
60RISK
open
Metasploit500
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
CVE-2020-745707 Jul 2020
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 1
30RISK
open
Metasploit200
F5 BIG-IP TMUI Directory Traversal and File Upload RCE
CVE-2020-5902CRITICALunder attackransomware30 Jun 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISK
open
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338330 Jun 2020
openSIS through 7.4 allows Directory Traversal.
30RISK
open
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338130 Jun 2020
openSIS through 7.4 allows SQL Injection.
30RISK
open
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338230 Jun 2020
openSIS through 7.4 has Incorrect Access Control.
30RISK
open
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12028HIGH22 Jun 2020
Rockwell Automation FactoryTalk View SE
48RISK
open
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12029CRITICAL22 Jun 2020
Rockwell Automation FactoryTalk View SE
75RISK
open
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12027MEDIUM22 Jun 2020
Rockwell Automation FactoryTalk View SE
40RISK
open
Metasploit600
ZenTao Pro 8.8.2 Remote Code Execution
CVE-2020-7361CRITICAL20 Jun 2020
ZenTao Pro Command Injection
48RISK
open
Metasploit600
Cacti color filter authenticated SQLi to RCE
CVE-2020-1429517 Jun 2020
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISK
open
Metasploit300
AnyDesk GUI Format String Write
CVE-2020-1316016 Jun 2020
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
60RISK
open
Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10924HIGH15 Jun 2020
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
58RISK
open
Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10923MEDIUM15 Jun 2020
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
50RISK
open
Metasploit600
Inductive Automation Ignition Remote Code Execution
CVE-2020-1200411 Jun 2020
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior
23RISK
open
Metasploit600
Inductive Automation Ignition Remote Code Execution
CVE-2020-1064411 Jun 2020
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted dat
23RISK
open
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860510 Jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitr
60RISK
open
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860410 Jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensi
40RISK
open
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860610 Jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent
40RISK
open
Metasploit600
Cayin xPost wayfinder_seqid SQLi to RCE
CVE-2020-7356CRITICAL04 Jun 2020
Cayin xPost SQL Injection
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.