Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
100RISCO
abrir ↗Metasploit600
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗Metasploit300
Wordpress RegistrationMagic task_ids Authenticated SQLi
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RISCO
abrir ↗Metasploit600
Apache Couchdb Erlang RCE
Remote Code Execution Vulnerability in Packaging
100RISCO
abrir ↗Metasploit600
Oracle Access Manager unauthenticated Remote Code Execution
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported ver
95RISCO
abrir ↗Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by send
23RISCO
abrir ↗Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the ta
18RISCO
abrir ↗Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.
18RISCO
abrir ↗Metasploit600
SonicWall SMA 100 Series Authenticated Command Injection
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allo
58RISCO
abrir ↗Metasploit300
WordPress Modern Events Calendar SQLi Scanner
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RISCO
abrir ↗Metasploit600
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Metasploit300
Log4Shell HTTP Scanner
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
100RISCO
abrir ↗Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
48RISCO
abrir ↗Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit600
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Metasploit600
Log4Shell HTTP Header Injection
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Metasploit300
Log4Shell HTTP Scanner
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Metasploit600
UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Metasploit600
AjaxPro Deserialization Remote Code Execution
Deserialization of Untrusted Data
58RISCO
abrir ↗Metasploit600
Ivanti Cloud Services Appliance (CSA) Command Injection
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execut
100RISCO
abrir ↗Metasploit300
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RISCO
abrir ↗Metasploit600
Sitecore Experience Platform (XP) PreAuth Deserialization RCE
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it
100RISCO
abrir ↗Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
85RISCO
abrir ↗Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
85RISCO
abrir ↗Metasploit300
ChurchInfo 1.2.13-1.3.0 Authenticated RCE
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requir
41RISCO
abrir ↗Metasploit300
WordPress WPS Hide Login Login Page Revealer
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
40RISCO
abrir ↗Metasploit600
Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution
Shell Command Injection Vulnerability in Nimbus Thrift Server
40RISCO
abrir ↗Metasploit300
BillQuick Web Suite txtID SQLi
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution
95RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.