Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
BentoML's runner server RCE
CVE-2025-32375CRITICAL09 abr 2025
Insecure Deserialization leads to RCE in BentoML's runner server
75RISCO
abrir
Metasploit600
Langflow AI RCE
CVE-2025-3248CRITICALsob ataqueransomware09 abr 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
Metasploit600
BentoML RCE
CVE-2025-27520CRITICAL04 abr 2025
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
75RISCO
abrir
Metasploit500
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
CVE-2025-22457CRITICALsob ataqueransomware03 abr 2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7
100RISCO
abrir
Metasploit300
Gladinet CentreStack/Triofox Path Traversal
CVE-2025-11371HIGHsob ataque03 abr 2025
Gladinet CentreStack and TrioFox Local File Inclusion Flaw
100RISCO
abrir
Metasploit600
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
CVE-2025-2945CRITICAL03 abr 2025
pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
75RISCO
abrir
Metasploit600
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
CVE-2025-30406CRITICALsob ataque03 abr 2025
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the
100RISCO
abrir
Metasploit600
Appsmith RCE
CVE-2024-55964CRITICAL25 mar 2025
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image lea
43RISCO
abrir
Metasploit600
WP User Registration and Membership Unauthenticated Privilege Escalation (CVE-2025-2563)
CVE-2025-2563HIGH24 mar 2025
User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
68RISCO
abrir
Metasploit300
Next.js Middleware Authorization Bypass Scanner
CVE-2025-29927CRITICAL21 mar 2025
Authorization Bypass in Next.js Middleware
85RISCO
abrir
Metasploit600
ICTBroadcast Unauthenticated Remote Code Execution
CVE-2025-2611CRITICAL19 mar 2025
ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE
63RISCO
abrir
Metasploit600
Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin
CVE-2024-12971HIGH17 mar 2025
QuickShell Authenticated Command Injection
48RISCO
abrir
Metasploit300
Sante PACS Server Path Traversal (CVE-2025-2264)
CVE-2025-2264HIGH13 mar 2025
Santesoft Sante PACS Server Path Traversal Information Disclosure
48RISCO
abrir
Metasploit600
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
CVE-2025-3102HIGH13 mar 2025
SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
78RISCO
abrir
Metasploit600
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
CVE-2025-27007CRITICAL13 mar 2025
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
75RISCO
abrir
Metasploit300
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
CVE-2025-24799HIGH12 mar 2025
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RISCO
abrir
Metasploit600
Tomcat Partial PUT Java Deserialization
CVE-2025-24813CRITICALsob ataque10 mar 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISCO
abrir
Metasploit300
Xorcom CompletePBX Authenticated File Disclosure via Backup Download
CVE-2025-2292MEDIUM02 mar 2025
Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
28RISCO
abrir
Metasploit600
Xorcom CompletePBX Authenticated Command Injection via Task Scheduler
CVE-2025-30004HIGH02 mar 2025
Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
36RISCO
abrir
Metasploit300
Xorcom CompletePBX Arbitrary File Read and Deletion via systemDataFileName
CVE-2025-30005HIGH02 mar 2025
Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
36RISCO
abrir
Metasploit600
Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893)
CVE-2025-24893CRITICALsob ataque20 fev 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
Metasploit600
SPIP Saisies Plugin Unauthenticated RCE
CVE-2025-71243CRITICAL19 fev 2025
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RISCO
abrir
Metasploit300
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
CVE-2025-24865CRITICAL13 fev 2025
mySCADA myPRO Manager Missing Authentication for Critical Function
43RISCO
abrir
Metasploit300
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
CVE-2025-22896CRITICAL13 fev 2025
mySCADA myPRO Manager Cleartext Storage of Sensitive Information
43RISCO
abrir
Metasploit300
Audiobookshelf Unauthenticated API Authentication Bypass Scanner
CVE-2025-25205HIGH12 fev 2025
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
36RISCO
abrir
Metasploit600
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
CVE-2025-24016CRITICALsob ataque10 fev 2025
Remote code execution in Wazuh server
100RISCO
abrir
Metasploit600
InvokeAI RCE
CVE-2024-12029CRITICAL07 fev 2025
Remote Code Execution via Model Deserialization in invoke-ai/invokeai
63RISCO
abrir
Metasploit600
D-Tale RCE
CVE-2025-065505 fev 2025
15RISCO
abrir
Metasploit600
D-Tale RCE
CVE-2024-3408CRITICAL05 fev 2025
Authentication Bypass and RCE in man-group/dtale
85RISCO
abrir
Metasploit600
Unauthenticated RCE in NetAlertX
CVE-2024-46506CRITICAL30 jan 2025
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because fun
75RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.