Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
GetSimpleCMS Unauthenticated RCE
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows
60RISCO
abrir ↗Metasploit600
WP Database Backup RCE
WP Database Backup < 5.2 - Unauthenticated OS Command Injection
68RISCO
abrir ↗Metasploit600
Pulse Secure VPN Arbitrary Command Execution
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R
100RISCO
abrir ↗Metasploit300
Pulse Secure VPN Arbitrary File Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RISCO
abrir ↗Metasploit600
Oracle Weblogic Server Deserialization RCE - AsyncResponseService
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISCO
abrir ↗Metasploit600
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISCO
abrir ↗Metasploit300
Spring Cloud Config Server Directory Traversal
Directory Traversal with spring-cloud-config-server
60RISCO
abrir ↗Metasploit300
Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponen
18RISCO
abrir ↗Metasploit300
Remote Mouse RCE
Emote Interactive Remote Mouse Server command injection due to weak encoding
63RISCO
abrir ↗Metasploit600
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISCO
abrir ↗Metasploit600
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to
38RISCO
abrir ↗Metasploit600
Mac OS X Feedback Assistant Race Condition
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RISCO
abrir ↗Metasploit600
Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir ↗Metasploit300
AppXSvc Hard Link Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISCO
abrir ↗Metasploit300
WordPress Google Maps Plugin SQL Injection
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize
40RISCO
abrir ↗Metasploit600
AwindInc SNMP Service Command Injection
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RISCO
abrir ↗Metasploit600
AIS logistics ESEL-Server Unauth SQL Injection RCE
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app)
50RISCO
abrir ↗Metasploit300
CMS Made Simple Authenticated RCE via object injection
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php an
23RISCO
abrir ↗Metasploit600
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISCO
abrir ↗Metasploit600
Horde Form File Upload Vulnerability
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulner
23RISCO
abrir ↗Metasploit0
Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform
90RISCO
abrir ↗Metasploit600
PostgreSQL COPY FROM PROGRAM Command Execution
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISCO
abrir ↗Metasploit300
IBM BigFix Relay Server Sites and Package Enum
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the upd
33RISCO
abrir ↗Metasploit600
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISCO
abrir ↗Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISCO
abrir ↗Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RISCO
abrir ↗Metasploit300
Microsoft Windows NtUserMNDragOver Local Privilege Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RISCO
abrir ↗Metasploit300
CMS Made Simple (CMSMS) Showtime2 File Upload RCE
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISCO
abrir ↗Metasploit300
Pimcore Unserialize RCE
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.