Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
OpenTSDB 2.4.1 unauthenticated command injection
CVE-2023-25826CRITICAL01 jul 2023
Remote Code Execution in OpenTSDB
75RISCO
abrir
Metasploit600
OpenNMS Horizon Authenticated RCE
CVE-2023-0872HIGH01 jul 2023
ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users
36RISCO
abrir
Metasploit600
OpenNMS Horizon Authenticated RCE
CVE-2023-40315MEDIUM01 jul 2023
ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN
28RISCO
abrir
Metasploit600
MagnusBilling application unauthenticated Remote Command Execution.
CVE-2023-30258CRITICAL26 jun 2023
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISCO
abrir
Metasploit600
Rudder Server SQLI Remote Code Execution
CVE-2023-30625HIGH16 jun 2023
rudder-server vulnerable to SQL Injection
58RISCO
abrir
Metasploit600
Apache NiFi H2 Connection String Remote Code Execution
CVE-2023-34468HIGH12 jun 2023
Apache NiFi: Potential Code Injection with Database Services using H2
48RISCO
abrir
Metasploit300
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
CVE-2023-0342LOW09 jun 2023
MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive
23RISCO
abrir
Metasploit600
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
CVE-2023-20887CRITICALsob ataque07 jun 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware
100RISCO
abrir
Metasploit600
Ivanti EPM Agent Portal Command Execution
CVE-2023-28324HIGH07 jun 2023
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege es
41RISCO
abrir
Metasploit600
CmsMadeSimple Authenticated File Manager RCE
CVE-2023-3696907 jun 2023
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
30RISCO
abrir
Metasploit600
Chamilo unauthenticated command injection in PowerPoint upload
CVE-2023-3496001 jun 2023
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to ex
60RISCO
abrir
Metasploit600
Splunk "edit_user" Capability Privilege Escalation
CVE-2023-32707HIGH01 jun 2023
‘edit_user’ Capability Privilege Escalation
78RISCO
abrir
Metasploit600
Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode
CVE-2023-206831 mai 2023
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
50RISCO
abrir
Metasploit600
MOVEit SQL Injection vulnerability
CVE-2023-34362CRITICALsob ataqueransomware31 mai 2023
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RISCO
abrir
Metasploit600
Dolibarr ERP/CRM Authenticated Code Injection
CVE-2023-30253HIGH29 mai 2023
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instea
58RISCO
abrir
Metasploit600
Openfire authentication bypass with RCE plugin
CVE-2023-32315HIGHsob ataque26 mai 2023
Openfire administration console authentication bypass
100RISCO
abrir
Metasploit600
Apache RocketMQ update config RCE
CVE-2023-33246CRITICALsob ataque23 mai 2023
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir
Metasploit300
GitLab Authenticated File Read
CVE-2023-2825CRITICAL23 mai 2023
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RISCO
abrir
Metasploit600
Barracuda ESG TAR Filename Command Injection
CVE-2023-2868CRITICALsob ataque23 mai 2023
Remote Code injection in Barracuda Email Security Gateway
100RISCO
abrir
Metasploit600
Delta Electronics InfraSuite Device Master Deserialization
CVE-2023-1133CRITICAL17 mai 2023
CVE-2023-1133
75RISCO
abrir
Metasploit600
SolarView Compact unauthenticated remote command execution vulnerability.
CVE-2023-23333CRITICAL15 mai 2023
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RISCO
abrir
Metasploit600
TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
CVE-2023-30013CRITICAL05 mai 2023
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/s
68RISCO
abrir
Metasploit600
Sharepoint Dynamic Proxy Generator Unauth RCE
CVE-2023-24955HIGHsob ataqueransomware01 mai 2023
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit600
Sharepoint Dynamic Proxy Generator Unauth RCE
CVE-2023-29357CRITICALsob ataqueransomware01 mai 2023
Microsoft SharePoint Server Elevation of Privilege Vulnerability
100RISCO
abrir
Metasploit300
Apache Superset Signed Cookie Priv Esc
CVE-2023-27524HIGHsob ataque25 abr 2023
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir
Metasploit600
invscout RPM Privilege Escalation
CVE-2023-28528HIGH24 abr 2023
IBM AIX command execution
36RISCO
abrir
Metasploit600
Ivanti Avalanche FileStoreConfig File Upload
CVE-2023-28128HIGH24 abr 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could
58RISCO
abrir
Metasploit300
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
CVE-2023-26876HIGH21 abr 2023
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via t
36RISCO
abrir
Metasploit600
ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection
CVE-2023-29084HIGH12 abr 2023
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy setti
58RISCO
abrir
Metasploit300
CVE-2023-21554 - QueueJumper - MSMQ RCE Check
CVE-2023-21554CRITICAL11 abr 2023
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
85RISCO
abrir
anteriorpágina 13 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.