Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
GLPI htmLawed php command injection
CVE-2022-35914CRITICALsob ataque26 jan 2022
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
100RISCO
abrir
Metasploit600
Local Privilege Escalation in polkits pkexec
CVE-2021-4034HIGHsob ataque25 jan 2022
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
Metasploit300
Wordpress RegistrationMagic task_ids Authenticated SQLi
CVE-2021-2486223 jan 2022
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RISCO
abrir
Metasploit600
Apache Couchdb Erlang RCE
CVE-2022-24706CRITICALsob ataque21 jan 2022
Remote Code Execution Vulnerability in Packaging
100RISCO
abrir
Metasploit600
Oracle Access Manager unauthenticated Remote Code Execution
CVE-2021-35587CRITICALsob ataque19 jan 2022
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported ver
95RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
CVE-2021-4583724 dez 2021
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by send
23RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
CVE-2021-4584124 dez 2021
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the ta
18RISCO
abrir
Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
CVE-2021-4583924 dez 2021
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.
18RISCO
abrir
Metasploit600
SonicWall SMA 100 Series Authenticated Command Injection
CVE-2021-20039HIGH14 dez 2021
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allo
58RISCO
abrir
Metasploit300
WordPress Modern Events Calendar SQLi Scanner
CVE-2021-2494613 dez 2021
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RISCO
abrir
Metasploit600
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
CVE-2021-44228CRITICALsob ataqueransomware12 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Metasploit300
Log4Shell HTTP Scanner
CVE-2021-45046CRITICALsob ataqueransomware09 dez 2021
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
100RISCO
abrir
Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
CVE-2022-23277HIGH09 dez 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
48RISCO
abrir
Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
CVE-2021-42321HIGHsob ataqueransomware09 dez 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit600
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
CVE-2021-44228CRITICALsob ataqueransomware09 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Metasploit600
Log4Shell HTTP Header Injection
CVE-2021-44228CRITICALsob ataqueransomware09 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Metasploit300
Log4Shell HTTP Scanner
CVE-2021-44228CRITICALsob ataqueransomware09 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Metasploit600
UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
CVE-2021-44228CRITICALsob ataqueransomware09 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Metasploit600
AjaxPro Deserialization Remote Code Execution
CVE-2021-23758HIGH03 dez 2021
Deserialization of Untrusted Data
58RISCO
abrir
Metasploit600
Ivanti Cloud Services Appliance (CSA) Command Injection
CVE-2021-44529CRITICALsob ataqueransomware02 dez 2021
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execut
100RISCO
abrir
Metasploit300
Grafana Plugin Path Traversal
CVE-2021-43798HIGHsob ataque02 dez 2021
Grafana path traversal
100RISCO
abrir
Metasploit300
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
CVE-2021-2493108 nov 2021
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RISCO
abrir
Metasploit600
Sitecore Experience Platform (XP) PreAuth Deserialization RCE
CVE-2021-42237CRITICALsob ataqueransomware02 nov 2021
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it
100RISCO
abrir
Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
CVE-2022-20707CRITICAL02 nov 2021
Cisco Small Business RV Series Routers Vulnerabilities
85RISCO
abrir
Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
CVE-2022-20705CRITICAL02 nov 2021
Cisco Small Business RV Series Routers Vulnerabilities
85RISCO
abrir
Metasploit300
ChurchInfo 1.2.13-1.3.0 Authenticated RCE
CVE-2021-43258HIGH30 out 2021
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requir
41RISCO
abrir
Metasploit300
WordPress WPS Hide Login Login Page Revealer
CVE-2021-2491727 out 2021
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
40RISCO
abrir
Metasploit600
Zimbra zmslapd arbitrary module load
CVE-2022-3739327 out 2021
Zimbra zmslapd arbitrary module load
18RISCO
abrir
Metasploit600
Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution
CVE-2021-3829425 out 2021
Shell Command Injection Vulnerability in Nimbus Thrift Server
40RISCO
abrir
Metasploit300
BillQuick Web Suite txtID SQLi
CVE-2021-42258CRITICALsob ataqueransomware22 out 2021
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution
95RISCO
abrir
anteriorpágina 19 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.