Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.002exploits catalogados
31.582CVEs com exploração pública
TodosExploit-DB 22.467Referência 19.780GitHub PoC 13.048VulnCheck XDB 8.060Nuclei 4.185Metasploit 3.462recentespopularesrisco
3.462 exploits
Metasploit600
MajorDoMo Remote Command Injection via cycle_execs Race Condition
MajorDoMo Command Injection in rc/index.php via Race Condition
43RISCO
abrir ↗Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
100RISCO
abrir ↗Metasploit600
Tactical RMM Jinja2 SSTI Remote Code Execution
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactica
36RISCO
abrir ↗Metasploit600
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISCO
abrir ↗Metasploit600
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISCO
abrir ↗Metasploit500
SolarWinds Web Help Desk unauthenticated RCE
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
95RISCO
abrir ↗Metasploit500
SolarWinds Web Help Desk unauthenticated RCE
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RISCO
abrir ↗Metasploit500
HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
63RISCO
abrir ↗Metasploit500
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir ↗Metasploit300
osTicket Arbitrary File Read via PHP Filter Chains in mPDF
osTicket (1.18.x < 1.18.3, 1.17.x < 1.17.7) PDF Export Arbitrary File Read
58RISCO
abrir ↗Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
AVideo < 20.1 System Path Disclosure via Public API
28RISCO
abrir ↗Metasploit300
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir ↗Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
AVideo < 20.1 User Information Disclosure via Public API
28RISCO
abrir ↗Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
63RISCO
abrir ↗Metasploit300
ChurchCRM Database Restore RCE 6.2.0
ChurchCRM vulnerable to RCE with database restore functionality
43RISCO
abrir ↗Metasploit600
ChurchCRM Unauthenticated RCE via Setup Page
ChurchCRM has unauthenticated RCE in its Install Wizard
43RISCO
abrir ↗Metasploit600
FreeBSD rtsold/rtsol DNSSL Command Injection
Remote code execution via ND6 Router Advertisements
56RISCO
abrir ↗Metasploit600
HPE OneView unauthenticated RCE
A remote code execution issue exists in HPE OneView.
100RISCO
abrir ↗Metasploit600
Control Web Panel /admin/index.php Unauthenticated RCE
An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /
56RISCO
abrir ↗Metasploit600
FreePBX firmware file upload
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISCO
abrir ↗Metasploit600
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
48RISCO
abrir ↗Metasploit300
FreePBX Custom Extension SQL Injection
FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
48RISCO
abrir ↗Metasploit300
FreePBX Custom Extension SQL Injection
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISCO
abrir ↗Metasploit600
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISCO
abrir ↗Metasploit600
FreePBX firmware file upload
FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter
48RISCO
abrir ↗Metasploit300
Gladinet CentreStack/Triofox Access Ticket Forge
Gladinet CentreStack and TrioFox Hard Coded AES Keys
98RISCO
abrir ↗Metasploit600
Unauthenticated RCE in React Server Components (React2Shell)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗Metasploit600
WordPress ACF Extended Unauthenticated RCE via prepare_form()
Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form
85RISCO
abrir ↗Metasploit600
Eclipse Che machine-exec Unauthenticated RCE
Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333
43RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.