Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.053exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.060Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
PivotX Remote Code Execution
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the
48RISCO
abrir ↗Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
Microsoft SharePoint Server Spoofing Vulnerability
50RISCO
abrir ↗Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
Microsoft SharePoint Remote Code Execution Vulnerability
88RISCO
abrir ↗Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
Microsoft SharePoint Server Spoofing Vulnerability
100RISCO
abrir ↗Metasploit600
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗Metasploit300
Sudo Chroot 1.9.17 Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir ↗Metasploit300
Marvell QConvergeConsole Path Traversal (CVE-2025-6793)
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
48RISCO
abrir ↗Metasploit600
PandoraFMS Netflow Authenticated Remote Code Execution
Command Injection in Netflow path
41RISCO
abrir ↗Metasploit300
Multiple Brother devices authentication bypass via default administrator password generation
Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.
70RISCO
abrir ↗Metasploit300
Multiple Brother devices authentication bypass via default administrator password generation
Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.
68RISCO
abrir ↗Metasploit600
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip
36RISCO
abrir ↗Metasploit600
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
Sitecore PowerShell Extension RCE via Unrestricted Upload
36RISCO
abrir ↗Metasploit300
CVE-2025-33053 Exploit via Malicious .URL File and WebDAV
Internet Shortcut Files Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit600
Pandora ITSM authenticated command injection leading to RCE via the backup function
Remote Code Execution leads to Command Injection
36RISCO
abrir ↗Metasploit600
n8n Workflow Expression Remote Code Execution
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISCO
abrir ↗Metasploit300
Listmonk Insecure Sprig Template Functions Environment Disclosure
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
43RISCO
abrir ↗Metasploit600
Skyvern SSTI Remote Code Execution
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks suc
61RISCO
abrir ↗Metasploit600
Roundcube Post-Auth RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir ↗Metasploit300
Remote for Mac Unauthenticated RCE
Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection
63RISCO
abrir ↗Metasploit600
vBulletin replaceAdTemplate Remote Code Execution
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers'
75RISCO
abrir ↗Metasploit600
vBulletin replaceAdTemplate Remote Code Execution
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the t
75RISCO
abrir ↗Metasploit600
Invision Community 5.0.6 customCss RCE
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RISCO
abrir ↗Metasploit600
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Remote Code Execution
100RISCO
abrir ↗Metasploit600
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Authentication Bypass
100RISCO
abrir ↗Metasploit300
WordPress Depicter Plugin SQL Injection (CVE-2025-2011)
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
68RISCO
abrir ↗Metasploit600
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
100RISCO
abrir ↗Metasploit600
Erlang OTP Pre-Auth RCE Scanner and Exploit
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir ↗Metasploit600
Craft CMS Image Transform Preauth RCE (CVE-2025-32432)
Craft CMS Allows Remote Code Execution
100RISCO
abrir ↗Metasploit600
Web-Check Screenshot API Command Injection RCE
Web-Check allows command Injection via Unvalidated URL in Screenshot API
68RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.