Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
VMware View Planner Unauthenticated Log File Upload RCE
CVE-2021-2197802 mar 2021
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RISCO
abrir
Metasploit300
Microsoft Exchange ProxyLogon Collector
CVE-2021-26855CRITICALsob ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit600
Microsoft Exchange ProxyLogon RCE
CVE-2021-26855CRITICALsob ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit300
Microsoft Exchange ProxyLogon Scanner
CVE-2021-26855CRITICALsob ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27876HIGHsob ataqueransomware01 mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISCO
abrir
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27878HIGHsob ataqueransomware01 mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISCO
abrir
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27877HIGHsob ataqueransomware01 mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RISCO
abrir
Metasploit300
FortiLogger Arbitrary File Upload Exploit
CVE-2021-337826 fev 2021
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISCO
abrir
Metasploit300
Unified Remote Auth Bypass to RCE
CVE-2022-3229CRITICAL25 fev 2021
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication
55RISCO
abrir
Metasploit600
IGEL OS Secure VNC/Terminal Command Injection RCE
CVE-2025-34082CRITICAL25 fev 2021
IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
63RISCO
abrir
Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
CVE-2021-2528225 fev 2021
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable
40RISCO
abrir
Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
CVE-2021-2528125 fev 2021
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel
40RISCO
abrir
Metasploit300
Wifi Mouse RCE
CVE-2022-321825 fev 2021
Necta WiFi Mouse (Mouse Server) client-side authentication bypass
40RISCO
abrir
Metasploit0
VMware vCenter Server Unauthenticated OVA File Upload RCE
CVE-2021-21972CRITICALsob ataqueransomware23 fev 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISCO
abrir
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25296HIGHsob ataque13 fev 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25297HIGHsob ataque13 fev 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
98RISCO
abrir
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25298HIGHsob ataque13 fev 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir
Metasploit200
Win32k ConsoleControl Offset Confusion
CVE-2021-1732HIGHsob ataqueransomware09 fev 2021
Windows Win32k Elevation of Privilege Vulnerability
100RISCO
abrir
Metasploit200
Win32k ConsoleControl Offset Confusion
CVE-2022-21882HIGHsob ataque09 fev 2021
Win32k Elevation of Privilege Vulnerability
98RISCO
abrir
Metasploit600
Advantech iView Unauthenticated Remote Code Execution
CVE-2021-2265209 fev 2021
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow a
30RISCO
abrir
Metasploit600
Micro Focus Operations Bridge Reporter Unauthenticated Command Injection
CVE-2021-22502CRITICALsob ataque09 fev 2021
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISCO
abrir
Metasploit600
NetMotion Mobility Server MvcUtil Java Deserialization
CVE-2021-2691408 fev 2021
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code
40RISCO
abrir
Metasploit300
NCR Command Center Agent Remote Code Execution
CVE-2021-312207 fev 2021
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (wit
40RISCO
abrir
Metasploit600
Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
CVE-2021-2414529 jan 2021
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISCO
abrir
Metasploit600
Sudo Heap-Based Buffer Overflow
CVE-2021-3156HIGHsob ataque26 jan 2021
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
Metasploit600
Apache Druid 0.20.0 Remote Command Execution
CVE-2021-2564621 jan 2021
Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
60RISCO
abrir
Metasploit600
Lucee Administrator imgProcess.cfm Arbitrary File Write
CVE-2021-21307HIGH15 jan 2021
Remote Code Exploit in Lucee Admin
78RISCO
abrir
Metasploit600
Unauthenticated remote code execution in Ignition
CVE-2021-3129CRITICALsob ataqueransomware13 jan 2021
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISCO
abrir
Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVE-2020-17132CRITICAL12 jan 2021
Microsoft Exchange Remote Code Execution Vulnerability
65RISCO
abrir
Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVE-2020-16875HIGH12 jan 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
48RISCO
abrir
anteriorpágina 23 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.