Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
WSO2 Arbitrary File Upload to RCE
CVE-2022-29464CRITICALsob ataqueransomware01 abr 2022
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /file
100RISCO
abrir
Metasploit0
Spring Framework Class property RCE (Spring4Shell)
CVE-2022-22965CRITICALsob ataque31 mar 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir
Metasploit600
Wordpress Plugin Elementor Authenticated Upload Remote Code Execution
CVE-2022-1329HIGH29 mar 2022
Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution
78RISCO
abrir
Metasploit600
Spring Cloud Function SpEL Injection
CVE-2022-22963CRITICALsob ataque29 mar 2022
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RISCO
abrir
Metasploit500
io_uring Same Type Object Reuse Priv Esc
CVE-2022-104322 mar 2022
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to cor
18RISCO
abrir
Metasploit600
Open Web Analytics 1.7.3 - Remote Code Execution (RCE)
CVE-2022-2463718 mar 2022
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, wh
60RISCO
abrir
Metasploit600
User Profile Arbitrary Junction Creation Local Privilege Elevation
CVE-2022-26904HIGHsob ataque17 mar 2022
Windows User Profile Service Elevation of Privilege Vulnerability
66RISCO
abrir
Metasploit300
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
CVE-2022-016914 mar 2022
Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection
60RISCO
abrir
Metasploit500
Watch Queue Out of Bounds Write
CVE-2022-099514 mar 2022
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This
18RISCO
abrir
Metasploit600
MyBB Admin Control Code Injection RCE
CVE-2022-24734HIGH09 mar 2022
Remote code execution in mybb
78RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
CVE-2022-2498907 mar 2022
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskst
30RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
CVE-2022-24990CRITICALsob ataqueransomware07 mar 2022
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agen
100RISCO
abrir
Metasploit300
Wordpress BookingPress bookingpress_front_get_category_services SQLi
CVE-2022-073928 fev 2022
BookingPress < 1.0.11 - Unauthenticated SQL Injection
30RISCO
abrir
Metasploit600
Webmin File Manager RCE
CVE-2022-0824HIGH26 fev 2022
Improper Access Control to Remote Code Execution in webmin/webmin
78RISCO
abrir
Metasploit300
GitLab GraphQL API User Enumeration
CVE-2021-4191MEDIUM25 fev 2022
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Priv
70RISCO
abrir
Metasploit600
pfSense Diag Routes Web Shell Upload
CVE-2021-4128223 fev 2022
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data abo
40RISCO
abrir
Metasploit600
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
CVE-2022-0847HIGHsob ataque20 fev 2022
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISCO
abrir
Metasploit600
Sourcegraph gitserver sshCommand RCE
CVE-2022-23642HIGH18 fev 2022
Code Injection in Sourcegraph
78RISCO
abrir
Metasploit300
Wordpress MasterStudy Admin Account Creation
CVE-2022-044118 fev 2022
MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation
60RISCO
abrir
Metasploit600
Redis Lua Sandbox Escape
CVE-2022-0543CRITICALsob ataque18 fev 2022
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
100RISCO
abrir
Metasploit300
Strapi CMS Unauthenticated Password Reset
CVE-2019-1881809 fev 2022
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir
Metasploit300
CVE-2022-21999 SpoolFool Privesc
CVE-2022-21999HIGHsob ataqueransomware08 fev 2022
Windows Print Spooler Elevation of Privilege Vulnerability
98RISCO
abrir
Metasploit200
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
CVE-2022-3491807 fev 2022
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buff
38RISCO
abrir
Metasploit600
Docker cgroups Container Escape
CVE-2022-0492HIGHsob ataque04 fev 2022
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. Th
86RISCO
abrir
Metasploit400
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
CVE-2022-20699CRITICALsob ataque02 fev 2022
Cisco Small Business RV Series Routers Vulnerabilities
100RISCO
abrir
Metasploit400
Zyxel Unauthenticated LAN Remote Code Execution
CVE-2023-28769CRITICAL01 fev 2022
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware v
43RISCO
abrir
Metasploit600
Zyxel chained RCE using LFI and weak password derivation algorithm
CVE-2023-28770HIGH01 fev 2022
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmwa
48RISCO
abrir
Metasploit300
Microweber CMS v1.2.10 Local File Inclusion (Authenticated)
CVE-2025-34076MEDIUM30 jan 2022
Microweber CMS Authenticated Local File Inclusion via Backup API
28RISCO
abrir
Metasploit400
vmwgfx Driver File Descriptor Handling Priv Esc
CVE-2022-22942HIGH28 jan 2022
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to f
36RISCO
abrir
Metasploit600
Spring Cloud Gateway Remote Code Execution
CVE-2022-22947CRITICALsob ataque26 jan 2022
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir
anteriorpágina 18 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.