Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Linksys WRT120N tmUnblock Stack Buffer Overflow
Linksys WRT120N tmUnblock.cgi Stack-Based Buffer Overflow Admin Password Reset
28RISCO
abrir ↗Metasploit300
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code v
100RISCO
abrir ↗Metasploit600
Linksys E-Series TheMoon Remote Command Injection
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
85RISCO
abrir ↗Metasploit500
MS14-009 .NET Deployment Service IE Sandbox Escape
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it
50RISCO
abrir ↗Metasploit600
Fritz!Box Webcm Unauthenticated Command Injection
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter t
60RISCO
abrir ↗Metasploit300
Apache Commons FileUpload and Apache Tomcat DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products,
60RISCO
abrir ↗Metasploit300
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI f
50RISCO
abrir ↗Metasploit300
Adobe Flash Player Integer Underflow Remote Code Execution
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Ma
100RISCO
abrir ↗Metasploit600
Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution
Array Networks vAPV and vxAG Default Credential Privilege Escalation
43RISCO
abrir ↗Metasploit400
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo
50RISCO
abrir ↗Metasploit600
Pandora FMS Default Credential / SQLi Remote Code Execution
Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
63RISCO
abrir ↗Metasploit600
Zpanel Remote Unauthenticated RCE
ZPanel through 10.1.0 has Remote Command Execution
43RISCO
abrir ↗Metasploit600
Pandora FMS Remote Code Execution
Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection
63RISCO
abrir ↗Metasploit300
A10 Networks AX Loadbalancer Directory Traversal
A10 Networks AX Loadbalancer Path Traversal
36RISCO
abrir ↗Metasploit600
SkyBlueCanvas CMS Remote Code Execution
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248
50RISCO
abrir ↗Metasploit0
Kloxo SQL Injection and Remote Code Execution
Kloxo < 6.1.12 Unauthenticated SQL Injection RCE
43RISCO
abrir ↗Metasploit300
ManageEngine Support Center Plus Directory Traversal
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arb
50RISCO
abrir ↗Metasploit600
MediaWiki Thumb.php Remote Command Execution
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is
50RISCO
abrir ↗Metasploit600
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
GE Proficy HMI/SCADA Path Traversal
78RISCO
abrir ↗Metasploit600
Simple E-Document Arbitrary File Upload
Simple E-Document Arbitrary File Upload RCE
63RISCO
abrir ↗Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
50RISCO
abrir ↗Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RISCO
abrir ↗Metasploit300
Mac OS X Safari file:// Redirection Sandbox Escape
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allo
23RISCO
abrir ↗Metasploit500
Oracle Forms and Reports Remote Code Execution
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISCO
abrir ↗Metasploit500
Oracle Forms and Reports Remote Code Execution
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISCO
abrir ↗Metasploit400
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before
50RISCO
abrir ↗Metasploit500
HP AutoPass License Server File Upload
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RISCO
abrir ↗Metasploit600
GetSimpleCMS PHP File Upload Vulnerability
GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload
36RISCO
abrir ↗Metasploit500
HP Client Automation Command Injection
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISCO
abrir ↗Metasploit600
HP Data Protector Backup Client Service Remote Code Execution
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.