Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi
QTS, QuTS hero, QuTScloud
70RISCO
abrir ↗Metasploit300
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi
85RISCO
abrir ↗Metasploit300
Rancher Audit Log Sensitive Information Leak
Rancher 'Audit Log' leaks sensitive information
36RISCO
abrir ↗Metasploit600
runc (docker) File Descriptor Leak Privilege Escalation
runc container breakout through process.cwd trickery and leaked fds
61RISCO
abrir ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISCO
abrir ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyIn
36RISCO
abrir ↗Metasploit300
Zyxel parse_config.py Command Injection
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
41RISCO
abrir ↗Metasploit300
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir ↗Metasploit600
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
Authentication Bypass in GoAnywhere MFT
85RISCO
abrir ↗Metasploit600
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" paramete
55RISCO
abrir ↗Metasploit600
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated atta
100RISCO
abrir ↗Metasploit300
GitLab Password Reset Account Takeover
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISCO
abrir ↗Metasploit600
Netis router MW5360 unauthenticated RCE.
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RISCO
abrir ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a re
100RISCO
abrir ↗Metasploit300
Wordpress POST SMTP Account Takeover
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
85RISCO
abrir ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir ↗Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
Remote Code Execution (RCE) Vulnerability
30RISCO
abrir ↗Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
Arbitrary Code Execution (ACE) Vulnerability
71RISCO
abrir ↗Metasploit600
MajorDoMo Command Injection
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE:
50RISCO
abrir ↗Metasploit600
WordPress Backup Migration Plugin PHP Filter Chain RCE
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir ↗Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000
36RISCO
abrir ↗Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string
75RISCO
abrir ↗Metasploit600
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir ↗Metasploit600
Splunk Authenticated XSLT Upload RCE
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
58RISCO
abrir ↗Metasploit300
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
Control iD iDSecure passwordCustom Authentication Bypass
75RISCO
abrir ↗Metasploit600
WordPress Royal Elementor Addons RCE
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.