Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a
68RISCO
abrir ↗Metasploit600
CyberPanel Multi CVE Pre-auth RCE
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecut
75RISCO
abrir ↗Metasploit600
CyberPanel Multi CVE Pre-auth RCE
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
100RISCO
abrir ↗Metasploit600
CyberPanel Multi CVE Pre-auth RCE
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypas
100RISCO
abrir ↗Metasploit600
Fortinet FortiManager Unauthenticated RCE
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2
100RISCO
abrir ↗Metasploit300
OneDev Unauthenticated Arbitrary File Read
OneDev vulnerable to arbitrary file reading for unauthenticated user
41RISCO
abrir ↗Metasploit600
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Expedition: Missing Authentication Leads to Admin Account Takeover
100RISCO
abrir ↗Metasploit600
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type
48RISCO
abrir ↗Metasploit600
Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Se
55RISCO
abrir ↗Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RISCO
abrir ↗Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
58RISCO
abrir ↗Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
48RISCO
abrir ↗Metasploit300
WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
68RISCO
abrir ↗Metasploit300
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
75RISCO
abrir ↗Metasploit300
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'
68RISCO
abrir ↗Metasploit600
VICIdial Authenticated Remote Code Execution
VICIdial Authenticated Remote Code Execution
58RISCO
abrir ↗Metasploit300
Vicidial SQL Injection Time-based Admin Credentials Enumeration
VICIdial Unauthenticated SQL Injection
85RISCO
abrir ↗Metasploit600
SPIP BigUp Plugin Unauthenticated RCE
SPIP Bigup Multipart File Upload OS Command Injection
85RISCO
abrir ↗Metasploit600
Wordpress LiteSpeed Cache plugin cookie theft
WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
85RISCO
abrir ↗Metasploit300
WhatsUp Gold SQL Injection (CVE-2024-6670)
WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
100RISCO
abrir ↗Metasploit600
Moodle Remote Code Execution (CVE-2024-43425)
Moodle: remote code execution via calculated question types
78RISCO
abrir ↗Metasploit600
GiveWP Unauthenticated Donation Process Exploit
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
68RISCO
abrir ↗Metasploit600
GiveWP Unauthenticated Donation Process Exploit
GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution
85RISCO
abrir ↗Metasploit600
Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)
Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution
48RISCO
abrir ↗Metasploit600
Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)
Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type
48RISCO
abrir ↗Metasploit300
SolarWinds Web Help Desk Backdoor (CVE-2024-28987)
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
100RISCO
abrir ↗Metasploit600
SPIP Unauthenticated RCE via porte_plume Plugin
SPIP porte_plume Plugin Arbitrary PHP Execution
85RISCO
abrir ↗Metasploit600
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overw
43RISCO
abrir ↗Metasploit600
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbi
36RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.