Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
WebKitGTK+ WebKitFaviconDatabase DoS
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RISCO
abrir ↗Metasploit600
Quest KACE Systems Management Command Injection
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by
100RISCO
abrir ↗Metasploit300
Dolibarr Gather Credentials via SQL Injection
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vecto
60RISCO
abrir ↗Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and
60RISCO
abrir ↗Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be r
43RISCO
abrir ↗Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM
50RISCO
abrir ↗Metasploit500
VLC Media Player MKV Use After Free
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb
50RISCO
abrir ↗Metasploit600
Windscribe WindscribeService Named Pipe Privilege Escalation
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RISCO
abrir ↗Metasploit300
MimiPenguin
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned f
18RISCO
abrir ↗Metasploit600
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RISCO
abrir ↗Metasploit400
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISCO
abrir ↗Metasploit600
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa
43RISCO
abrir ↗Metasploit300
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p
60RISCO
abrir ↗Metasploit600
osCommerce Installer Unauthenticated Code Execution
osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
63RISCO
abrir ↗Metasploit600
GitList v0.6.0 Argument Injection Vulnerability
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RISCO
abrir ↗Metasploit600
Apache Tika Header Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RISCO
abrir ↗Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1
50RISCO
abrir ↗Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RISCO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RISCO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISCO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISCO
abrir ↗Metasploit0
Oracle Weblogic Server Deserialization RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). S
100RISCO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RISCO
abrir ↗Metasploit600
Pi-Hole Whitelist OS Command Execution
Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
63RISCO
abrir ↗Metasploit600
H2 Web Interface Create Alias RCE
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can
30RISCO
abrir ↗Metasploit600
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir ↗Metasploit0
Safari Webkit Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS be
43RISCO
abrir ↗Metasploit600
Mac OS X libxpc MITM Privilege Escalation
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS b
43RISCO
abrir ↗Metasploit0
Safari Webkit Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISCO
abrir ↗Metasploit0
Safari Proxy Object Type Confusion
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improve
61RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.