Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Apache Flink JobManager Traversal
Apache Flink directory traversal attack: reading remote files through the REST API
100RISCO
abrir ↗Metasploit600
Klog Server authenticate.php user Unauthenticated Command Injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISCO
abrir ↗Metasploit600
Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RISCO
abrir ↗Metasploit600
HPE Systems Insight Manager AMF Deserialization RCE
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerabili
40RISCO
abrir ↗Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISCO
abrir ↗Metasploit300
WordPress Total Upkeep Unauthenticated Backup Downloader
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
36RISCO
abrir ↗Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inje
40RISCO
abrir ↗Metasploit600
APISIX Admin API default access token RCE
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISCO
abrir ↗Metasploit600
APISIX Admin API default access token RCE
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the
40RISCO
abrir ↗Metasploit300
WordPress Easy WP SMTP Password Reset
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RISCO
abrir ↗Metasploit300
KOFFEE - Kia OFFensivE Exploit
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an atta
18RISCO
abrir ↗Metasploit600
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir ↗Metasploit0
Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RISCO
abrir ↗Metasploit600
OpenTSDB 2.4.0 unauthenticated command injection
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RISCO
abrir ↗Metasploit0
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable
30RISCO
abrir ↗Metasploit600
PEAR Archive_Tar 1.4.10 Arbitrary File Write
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RISCO
abrir ↗Metasploit600
Monitorr unauthenticated Remote Code Execution (RCE)
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the s
40RISCO
abrir ↗Metasploit600
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
43RISCO
abrir ↗Metasploit600
Acronis TrueImage XPC Privilege Escalation
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC
18RISCO
abrir ↗Metasploit300
Abandoned Cart for WooCommerce SQLi Scanner
WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability
43RISCO
abrir ↗Metasploit600
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
40RISCO
abrir ↗Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authent
30RISCO
abrir ↗Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH clien
100RISCO
abrir ↗Metasploit600
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
Client-Side Command Injection in Rapid7 Metasploit
68RISCO
abrir ↗Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISCO
abrir ↗Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
18RISCO
abrir ↗Metasploit600
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISCO
abrir ↗Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
Code execution with escalated privilegesn vlnerability in Operation bridge Manager and Operations Bridge (containerized) products.
36RISCO
abrir ↗Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RISCO
abrir ↗Metasploit600
Pulse Secure VPN gzip RCE
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.