Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
41RISCO
abrir ↗Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via p
68RISCO
abrir ↗Metasploit600
VMware NSX Manager XStream unauthenticated RCE
XStream is vulnerable to a Remote Command Execution attack
100RISCO
abrir ↗Metasploit600
SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE
SolarWinds Platform Deserialization of Untrusted Data
48RISCO
abrir ↗Metasploit600
Zimbra sudo + postfix privilege escalation
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalat
36RISCO
abrir ↗Metasploit600
Apache Commons Text RCE
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir ↗Metasploit600
Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISCO
abrir ↗Metasploit600
GitLab GitHub Repo Import Deserialization RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows
85RISCO
abrir ↗Metasploit600
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RISCO
abrir ↗Metasploit600
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit600
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RISCO
abrir ↗Metasploit600
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
CVE-2023-28384
48RISCO
abrir ↗Metasploit300
Remote Control Collection RCE
Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE
63RISCO
abrir ↗Metasploit300
Mobile Mouse RCE
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISCO
abrir ↗Metasploit500
Ubuntu Enlightenment Mount Priv Esc
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RISCO
abrir ↗Metasploit300
Syncovery For Linux Web-GUI Session Token Brute-Forcer
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and be
18RISCO
abrir ↗Metasploit600
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote c
30RISCO
abrir ↗Metasploit500
pfSense plugin pfBlockerNG unauthenticated RCE as root
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISCO
abrir ↗Metasploit600
Symmetricom SyncServer Unauthenticated Remote Command Execution
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
85RISCO
abrir ↗Metasploit400
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulner
100RISCO
abrir ↗Metasploit600
Bitbucket Git Command Injection
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir ↗Metasploit600
FLIR AX8 unauthenticated RCE
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This
60RISCO
abrir ↗Metasploit300
Rancher Authenticated API Credential Exposure
Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
63RISCO
abrir ↗Metasploit500
VMware Workspace ONE Access CVE-2022-31660
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A m
18RISCO
abrir ↗Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
Softing Secure Integration Server Relative Path Traversal
41RISCO
abrir ↗Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
Softing Secure Integration Server Uncontrolled Search Path Element
36RISCO
abrir ↗Metasploit600
Webmin Package Updates RCE
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISCO
abrir ↗Metasploit600
Apache Spark Unauthenticated Command Injection RCE
Apache Spark shell command injection vulnerability via Spark UI
100RISCO
abrir ↗Metasploit600
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
Unauthenticated Remote Code Execution in Roxy-WI
85RISCO
abrir ↗Metasploit600
ManageEngine ADAudit Plus CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.