Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.046exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.079VulnCheck XDB 8.060Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
36RISCO
abrir ↗Metasploit600
Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE
Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
36RISCO
abrir ↗Metasploit300
GeoServer WMS GetMap XXE Arbitrary File Read
GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
98RISCO
abrir ↗Metasploit300
N-able N-Central Authentication Bypass and XXE Scanner
N-central Multiple XXE Injection Vulnerabilities
68RISCO
abrir ↗Metasploit300
N-able N-Central Authentication Bypass and XXE Scanner
N-central unauthenticated sessionID generation
60RISCO
abrir ↗Metasploit300
Fortinet FortiWeb create new local admin
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir ↗Metasploit600
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir ↗Metasploit600
Fortinet FortiWeb unauthenticated RCE
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISCO
abrir ↗Metasploit600
FreePBX filestore authenticated command injection
FreePBX Administration GUI is Vulnerable to Authenticated Command Injection
100RISCO
abrir ↗Metasploit600
Monsta FTP downloadFile Remote Code Execution
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RISCO
abrir ↗Metasploit600
WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
85RISCO
abrir ↗Metasploit600
WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
43RISCO
abrir ↗Metasploit600
Taiga tribe_gig authenticated unserialize remote code execution
Taiga Authenticated Remote Code Execution
43RISCO
abrir ↗Metasploit600
Magento SessionReaper
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir ↗Metasploit500
Windows Server Update Service Deserialization Remote Code Execution
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit600
SmarterTools SmarterMail GUID File Upload Vulnerability
Upload Arbitrary Files
100RISCO
abrir ↗Metasploit600
Oracle E-Business Suite CVE-2025-61882 RCE
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISCO
abrir ↗Metasploit600
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter
RCE via the poller reload feature available only to user with high privilege
41RISCO
abrir ↗Metasploit600
Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISCO
abrir ↗Metasploit600
FreePBX ajax.php unauthenticated SQLi to RCE
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir ↗Metasploit600
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
Argument Injection Vulnerability in CommServe
33RISCO
abrir ↗Metasploit600
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
Unauthorized API Access Risk
28RISCO
abrir ↗Metasploit600
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
Path Traversal Vulnerability
41RISCO
abrir ↗Metasploit600
Flowise Custom MCP Remote Code Execution
Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
65RISCO
abrir ↗Metasploit400
Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE (time param)
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RISCO
abrir ↗Metasploit600
Grav CMS Admin Direct Install Authenticated Plugin Upload RCE
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RISCO
abrir ↗Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Template Import
Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution
63RISCO
abrir ↗Metasploit600
WordPress StoryChief Plugin Unauthenticated RCE
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗Metasploit600
Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)
Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
75RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.