Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely
85RISCO
abrir ↗Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sen
53RISCO
abrir ↗Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject fi
85RISCO
abrir ↗Metasploit600
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISCO
abrir ↗Metasploit600
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISCO
abrir ↗Metasploit300
Wordpress Paid Membership Pro code Unauthenticated SQLi
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISCO
abrir ↗Metasploit600
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RISCO
abrir ↗Metasploit600
Ancillary Function Driver (AFD) for WinSock Elevation of Privilege
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RISCO
abrir ↗Metasploit600
ManageEngine Endpoint Central Unauthenticated SAML RCE
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RISCO
abrir ↗Metasploit600
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RISCO
abrir ↗Metasploit600
Jorani unauthenticated Remote Code Execution
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
60RISCO
abrir ↗Metasploit600
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISCO
abrir ↗Metasploit400
SugarCRM unauthenticated Remote Code Execution (RCE)
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RISCO
abrir ↗Metasploit600
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macO
68RISCO
abrir ↗Metasploit600
Cacti 1.2.22 unauthenticated command injection
Unauthenticated Command Injection
100RISCO
abrir ↗Metasploit300
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RISCO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to i
30RISCO
abrir ↗Metasploit600
VSCode ipynb Remote Development RCE
Visual Studio Code Remote Code Execution Vulnerability
48RISCO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RISCO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obt
18RISCO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RISCO
abrir ↗Metasploit600
Bitbucket Environment Variable RCE
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker
65RISCO
abrir ↗Metasploit600
F5 BIG-IP iControl Authenticated RCE via RPM Creator
Appliance mode iControl REST vulnerability
68RISCO
abrir ↗Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
POWERCOM CO., LTD. UPSMON PRO - Path Traversal
28RISCO
abrir ↗Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials
28RISCO
abrir ↗Metasploit400
Lenovo Diagnostics Driver IOCTL memmove
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo
56RISCO
abrir ↗Metasploit600
Acronis Cyber Protect/Backup remote code execution
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following
43RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.