Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
83RISCO
abrir ↗Metasploit500
Aerospike Database UDF Lua Code Execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISCO
abrir ↗Metasploit600
Mida Solutions eFramework ajaxreq.php Command Injection
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISCO
abrir ↗Metasploit400
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role wi
23RISCO
abrir ↗Metasploit600
SharePoint DataSet / DataTable Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RISCO
abrir ↗Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RISCO
abrir ↗Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but th
100RISCO
abrir ↗Metasploit300
SAP Unauthenticated WebService User Creation
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication c
100RISCO
abrir ↗Metasploit600
Apache OFBiz XML-RPC Java Deserialization
Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
60RISCO
abrir ↗Metasploit600
Apache OFBiz XML-RPC Java Deserialization
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RISCO
abrir ↗Metasploit600
Apache OFBiz XML-RPC Java Deserialization
Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
60RISCO
abrir ↗Metasploit500
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 1
30RISCO
abrir ↗Metasploit600
openSIS Unauthenticated PHP Code Execution
openSIS through 7.4 allows Directory Traversal.
30RISCO
abrir ↗Metasploit200
F5 BIG-IP TMUI Directory Traversal and File Upload RCE
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir ↗Metasploit600
openSIS Unauthenticated PHP Code Execution
openSIS through 7.4 allows SQL Injection.
30RISCO
abrir ↗Metasploit600
openSIS Unauthenticated PHP Code Execution
openSIS through 7.4 has Incorrect Access Control.
30RISCO
abrir ↗Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
Rockwell Automation FactoryTalk View SE
48RISCO
abrir ↗Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
Rockwell Automation FactoryTalk View SE
75RISCO
abrir ↗Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
Rockwell Automation FactoryTalk View SE
40RISCO
abrir ↗Metasploit600
Cacti color filter authenticated SQLi to RCE
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISCO
abrir ↗Metasploit300
AnyDesk GUI Format String Write
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
60RISCO
abrir ↗Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
58RISCO
abrir ↗Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
50RISCO
abrir ↗Metasploit600
Inductive Automation Ignition Remote Code Execution
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior
23RISCO
abrir ↗Metasploit600
Inductive Automation Ignition Remote Code Execution
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted dat
23RISCO
abrir ↗Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensi
40RISCO
abrir ↗Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitr
60RISCO
abrir ↗Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent
40RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.