Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
CVE-2023-38146HIGH13 set 2023
Windows Themes Remote Code Execution Vulnerability
48RISCO
abrir
Metasploit400
Apache Superset Signed Cookie RCE
CVE-2023-39265LOW06 set 2023
Apache Superset: Possible Unauthorized Registration of SQLite Database Connections
45RISCO
abrir
Metasploit400
Apache Superset Signed Cookie RCE
CVE-2023-37941MEDIUM06 set 2023
Apache Superset: Metadata db write access can lead to remote code execution
53RISCO
abrir
Metasploit400
Apache Superset Signed Cookie RCE
CVE-2023-27524HIGHsob ataque06 set 2023
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir
Metasploit600
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
CVE-2023-34039CRITICAL29 ago 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key g
75RISCO
abrir
Metasploit600
LG Simple Editor Remote Code Execution
CVE-2023-40498CRITICAL24 ago 2023
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability
65RISCO
abrir
Metasploit600
WinRAR CVE-2023-38831 Exploit
CVE-2023-38831HIGHsob ataqueransomware23 ago 2023
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RISCO
abrir
Metasploit600
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
CVE-2023-38035CRITICALsob ataqueransomware21 ago 2023
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an
100RISCO
abrir
Metasploit300
ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload
CVE-2023-2917CRITICAL17 ago 2023
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
55RISCO
abrir
Metasploit600
Junos OS PHPRC Environment Variable Manipulation RCE
CVE-2023-36845CRITICALsob ataque17 ago 2023
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RISCO
abrir
Metasploit300
ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete
CVE-2023-2915HIGH17 ago 2023
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
58RISCO
abrir
Metasploit600
Ivanti Avalanche MDM Buffer Overflow
CVE-2023-32560HIGH14 ago 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disrup
78RISCO
abrir
Metasploit600
PRTG CVE-2023-32781 Authenticated RCE
CVE-2023-3278109 ago 2023
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an au
23RISCO
abrir
Metasploit600
CrushFTP Unauthenticated RCE
CVE-2023-4317708 ago 2023
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes
60RISCO
abrir
Metasploit600
LG Simple Editor Command Injection (CVE-2023-40504)
CVE-2023-40504CRITICAL04 ago 2023
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability
65RISCO
abrir
Metasploit600
Eramba (up to 3.19.1) Authenticated Remote Code Execution Module
CVE-2023-3625501 ago 2023
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrar
30RISCO
abrir
Metasploit600
RaspAP Unauthenticated Command Injection
CVE-2022-3998631 jul 2023
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary comma
60RISCO
abrir
Metasploit600
Maltrail Unauthenticated Command Injection
CVE-2025-34073CRITICAL31 jul 2023
stamparm/maltrail <=0.54 Remote Command Execution
63RISCO
abrir
Metasploit600
Greenshot .NET Deserialization Fileformat Exploit
CVE-2023-3463426 jul 2023
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .green
38RISCO
abrir
Metasploit300
GameOver(lay) Privilege Escalation and Container Escape
CVE-2023-32629HIGH26 jul 2023
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks
56RISCO
abrir
Metasploit300
GameOver(lay) Privilege Escalation and Container Escape
CVE-2023-2640HIGH26 jul 2023
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlay
61RISCO
abrir
Metasploit600
Metabase Setup Token RCE
CVE-2023-3864622 jul 2023
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISCO
abrir
Metasploit300
Citrix ADC (NetScaler) Forms SSO Target RCE
CVE-2023-3519CRITICALsob ataqueransomware18 jul 2023
Unauthenticated remote code execution
100RISCO
abrir
Metasploit600
BoidCMS Command Injection
CVE-2023-3883613 jul 2023
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header t
50RISCO
abrir
Metasploit600
Sonicwall
CVE-2023-34133HIGH12 jul 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and
58RISCO
abrir
Metasploit600
Sonicwall
CVE-2023-3413212 jul 2023
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the
18RISCO
abrir
Metasploit600
Sonicwall
CVE-2023-34127HIGH12 jul 2023
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GM
58RISCO
abrir
Metasploit600
Sonicwall
CVE-2023-34124CRITICAL12 jul 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authenticatio
75RISCO
abrir
Metasploit600
Microsoft Error Reporting Local Privilege Elevation Vulnerability
CVE-2023-36874HIGHsob ataque11 jul 2023
Windows Error Reporting Service Elevation of Privilege Vulnerability
98RISCO
abrir
Metasploit600
OpenTSDB 2.4.1 unauthenticated command injection
CVE-2023-36812CRITICAL01 jul 2023
Remote Code Execution in OpenTSDB
68RISCO
abrir
anteriorpágina 12 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.