Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
URGENT/11 Scanner, Based on Detection Tool by Armis
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: Do
23RISCO
abrir ↗Metasploit600
Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RISCO
abrir ↗Metasploit300
LibreOffice Macro Python Code Execution
LibreLogo global-event script execution
60RISCO
abrir ↗Metasploit600
LibreNMS Collectd Command Injection
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/dev
60RISCO
abrir ↗Metasploit600
D-Link Central WiFi Manager CWM(100) RCE
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote atta
40RISCO
abrir ↗Metasploit300
D-Link Central WiFiManager SQL injection
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validate
30RISCO
abrir ↗Metasploit0
Docker-Credential-Wincred.exe Privilege Escalation
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
91RISCO
abrir ↗Metasploit600
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISCO
abrir ↗Metasploit300
Cisco Data Center Network Manager Unauthenticated File Download
Cisco Data Center Network Manager Arbitrary File Download Vulnerability
41RISCO
abrir ↗Metasploit600
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Cisco Data Center Network Manager Information Disclosure Vulnerability
70RISCO
abrir ↗Metasploit600
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RISCO
abrir ↗Metasploit600
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISCO
abrir ↗Metasploit300
Cisco Data Center Network Manager Unauthenticated File Download
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RISCO
abrir ↗Metasploit600
FusionPBX Operator Panel exec.php Command Execution
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerabili
60RISCO
abrir ↗Metasploit600
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISCO
abrir ↗Metasploit600
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISCO
abrir ↗Metasploit300
Supra Smart Cloud TV Remote File Inclusion
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcas
43RISCO
abrir ↗Metasploit600
Ahsay Backup v7.x-v8.1.1.50 (authenticated) file upload
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RISCO
abrir ↗Metasploit600
Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attac
100RISCO
abrir ↗Metasploit300
OpenEMR 5.0.1 Patch 6 SQLi Dump
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/
23RISCO
abrir ↗Metasploit600
ATutor 2.2.4 - Directory Traversal / Remote Code Execution,
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathnam
40RISCO
abrir ↗Metasploit600
Webmin Package Updates Remote Command Execution
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root pr
60RISCO
abrir ↗Metasploit600
DLINK DWL-2600 Authenticated Remote Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISCO
abrir ↗Metasploit600
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISCO
abrir ↗Metasploit600
IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with
85RISCO
abrir ↗Metasploit300
CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗Metasploit0
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗Metasploit600
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiat
40RISCO
abrir ↗Metasploit600
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of t
43RISCO
abrir ↗Metasploit600
Barco WePresent file_transfer.cgi Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.