Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
NetAlertX File Read Vulnerability
CVE-2024-48766HIGH30 jan 2025
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and
48RISCO
abrir
Metasploit600
Cacti Graph Template authenticated RCE versions prior to 1.2.29
CVE-2025-24367HIGH27 jan 2025
Cacti allows Arbitrary File Creation leading to RCE
48RISCO
abrir
Metasploit600
GestioIP 3.5.7 Remote Command Execution
CVE-2024-48760CRITICAL14 jan 2025
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RISCO
abrir
Metasploit300
Car Rental System 1.0 File Upload RCE (Authenticated)
CVE-2024-57487MEDIUM13 jan 2025
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types a
28RISCO
abrir
Metasploit300
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
CVE-2024-57727CRITICALsob ataqueransomware12 jan 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl
100RISCO
abrir
Metasploit600
Remote Code Execution Vulnerability in Vvveb
CVE-2025-8518MEDIUM10 jan 2025
givanz Vvveb Code Editor code.php save code injection
28RISCO
abrir
Metasploit600
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
CVE-2025-27218MEDIUM06 jan 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through
60RISCO
abrir
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2025-3096CRITICAL04 jan 2025
Clinics Patient Management System SQL Injection
43RISCO
abrir
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2022-2297MEDIUM04 jan 2025
SourceCodester Clinics Patient Management System unrestricted upload
28RISCO
abrir
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48455LOW27 dez 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
23RISCO
abrir
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48456HIGH27 dez 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
41RISCO
abrir
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48457HIGH27 dez 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
36RISCO
abrir
Metasploit600
Windows Cloud File Mini Filer Driver Heap Overflow
CVE-2024-30085HIGH19 dez 2024
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RISCO
abrir
Metasploit600
Craft CMS Twig Template Injection RCE via FTP Templates Path
CVE-2024-56145CRITICALsob ataque19 dez 2024
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RISCO
abrir
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2025-1094HIGH16 dez 2024
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RISCO
abrir
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2024-12356CRITICALsob ataque16 dez 2024
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
95RISCO
abrir
Metasploit600
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
CVE-2024-55555HIGH13 dez 2024
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_
36RISCO
abrir
Metasploit600
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
CVE-2024-55556CRITICAL13 dez 2024
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote com
55RISCO
abrir
Metasploit600
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
CVE-2024-55956CRITICALsob ataqueransomware09 dez 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can impo
95RISCO
abrir
Metasploit300
LINQPad Deserialization
CVE-2024-53326HIGH03 dez 2024
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(
36RISCO
abrir
Metasploit600
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
CVE-2024-11320MEDIUM21 nov 2024
Command Injection leading to RCE via LDAP Misconfiguration
50RISCO
abrir
Metasploit600
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
CVE-2024-47407CRITICAL21 nov 2024
mySCADA myPRO OS Command Injection
55RISCO
abrir
Metasploit500
Ubuntu needrestart Privilege Escalation
CVE-2024-48990HIGH19 nov 2024
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tric
41RISCO
abrir
Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
CVE-2024-9474MEDIUMsob ataqueransomware18 nov 2024
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
100RISCO
abrir
Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
CVE-2024-0012CRITICALsob ataqueransomware18 nov 2024
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
100RISCO
abrir
Metasploit600
LibreNMS Authenticated RCE (CVE-2024-51092)
CVE-2024-51092CRITICAL15 nov 2024
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutContr
43RISCO
abrir
Metasploit600
WordPress WP Time Capsule Arbitrary File Upload to RCE
CVE-2024-8856CRITICAL15 nov 2024
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RISCO
abrir
Metasploit600
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
CVE-2024-10924CRITICAL14 nov 2024
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RISCO
abrir
Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
CVE-2024-28397MEDIUM28 out 2024
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir
Metasploit600
Prison Management System 1.0 Authenticated RCE via Unrestricted File Upload
CVE-2024-48594HIGH28 out 2024
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the f
36RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.