Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
CVE-2022-43571HIGH02 nov 2022
Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
41RISCO
abrir
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2022-40471CRITICAL31 out 2022
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via p
68RISCO
abrir
Metasploit600
VMware NSX Manager XStream unauthenticated RCE
CVE-2021-39144HIGHsob ataque25 out 2022
XStream is vulnerable to a Remote Command Execution attack
100RISCO
abrir
Metasploit600
SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE
CVE-2022-38108HIGH19 out 2022
SolarWinds Platform Deserialization of Untrusted Data
48RISCO
abrir
Metasploit600
Zimbra sudo + postfix privilege escalation
CVE-2022-3569HIGH13 out 2022
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalat
36RISCO
abrir
Metasploit600
Apache Commons Text RCE
CVE-2022-4288913 out 2022
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir
Metasploit600
Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
CVE-2022-40684CRITICALsob ataqueransomware10 out 2022
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISCO
abrir
Metasploit600
GitLab GitHub Repo Import Deserialization RCE
CVE-2022-2992CRITICAL06 out 2022
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows
85RISCO
abrir
Metasploit600
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
CVE-2022-21587CRITICALsob ataqueransomware01 out 2022
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RISCO
abrir
Metasploit600
Microsoft Exchange ProxyNotShell RCE
CVE-2022-41082HIGHsob ataqueransomware28 set 2022
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit600
Microsoft Exchange ProxyNotShell RCE
CVE-2022-41040HIGHsob ataqueransomware28 set 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RISCO
abrir
Metasploit600
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
CVE-2023-28384HIGH22 set 2022
CVE-2023-28384
48RISCO
abrir
Metasploit300
Remote Control Collection RCE
CVE-2022-4978CRITICAL20 set 2022
Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE
63RISCO
abrir
Metasploit300
Mobile Mouse RCE
CVE-2023-31902CRITICAL20 set 2022
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISCO
abrir
Metasploit500
Ubuntu Enlightenment Mount Priv Esc
CVE-2022-37706HIGH13 set 2022
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RISCO
abrir
Metasploit300
Syncovery For Linux Web-GUI Session Token Brute-Forcer
CVE-2022-3653606 set 2022
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and be
18RISCO
abrir
Metasploit600
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
CVE-2022-3653406 set 2022
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote c
30RISCO
abrir
Metasploit500
pfSense plugin pfBlockerNG unauthenticated RCE as root
CVE-2022-31814CRITICAL05 set 2022
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISCO
abrir
Metasploit600
Symmetricom SyncServer Unauthenticated Remote Command Execution
CVE-2022-40022CRITICAL31 ago 2022
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
85RISCO
abrir
Metasploit400
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
CVE-2022-26318CRITICALsob ataque29 ago 2022
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulner
100RISCO
abrir
Metasploit600
Bitbucket Git Command Injection
CVE-2022-36804HIGHsob ataque24 ago 2022
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir
Metasploit600
FLIR AX8 unauthenticated RCE
CVE-2022-3706119 ago 2022
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This
60RISCO
abrir
Metasploit300
Rancher Authenticated API Credential Exposure
CVE-2021-36782CRITICAL18 ago 2022
Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
63RISCO
abrir
Metasploit500
VMware Workspace ONE Access CVE-2022-31660
CVE-2022-3166002 ago 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A m
18RISCO
abrir
Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
CVE-2022-1373HIGH27 jul 2022
Softing Secure Integration Server Relative Path Traversal
41RISCO
abrir
Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
CVE-2022-2334HIGH27 jul 2022
Softing Secure Integration Server Uncontrolled Search Path Element
36RISCO
abrir
Metasploit600
Webmin Package Updates RCE
CVE-2022-3644626 jul 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISCO
abrir
Metasploit600
Apache Spark Unauthenticated Command Injection RCE
CVE-2022-33891HIGHsob ataque18 jul 2022
Apache Spark shell command injection vulnerability via Spark UI
100RISCO
abrir
Metasploit600
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
CVE-2022-31137CRITICAL06 jul 2022
Unauthenticated Remote Code Execution in Roxy-WI
85RISCO
abrir
Metasploit600
ManageEngine ADAudit Plus CVE-2022-28219
CVE-2022-2821929 jun 2022
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote
60RISCO
abrir
anteriorpágina 16 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.