Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi
CVE-2023-47218MEDIUM13 fev 2024
QTS, QuTS hero, QuTScloud
70RISCO
abrir
Metasploit300
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
CVE-2024-1071CRITICAL10 fev 2024
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi
85RISCO
abrir
Metasploit300
Rancher Audit Log Sensitive Information Leak
CVE-2023-22649HIGH08 fev 2024
Rancher 'Audit Log' leaks sensitive information
36RISCO
abrir
Metasploit600
runc (docker) File Descriptor Leak Privilege Escalation
CVE-2024-21626HIGH31 jan 2024
runc container breakout through process.cwd trickery and leaked fds
61RISCO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2024-21887CRITICALsob ataqueransomware31 jan 2024
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2024-21893HIGHsob ataqueransomware31 jan 2024
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISCO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2023-36661HIGH31 jan 2024
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyIn
36RISCO
abrir
Metasploit300
GitLab Tags RSS feed email disclosure
CVE-2023-5612MEDIUM25 jan 2024
Missing Authorization in GitLab
28RISCO
abrir
Metasploit300
Zyxel parse_config.py Command Injection
CVE-2023-33012HIGH24 jan 2024
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
41RISCO
abrir
Metasploit300
Jenkins cli Ampersand Replacement Arbitrary File Read
CVE-2024-23897CRITICALsob ataqueransomware24 jan 2024
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
Metasploit600
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
CVE-2024-0204CRITICAL22 jan 2024
Authentication Bypass in GoAnywhere MFT
85RISCO
abrir
Metasploit600
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
CVE-2024-23759CRITICAL19 jan 2024
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" paramete
55RISCO
abrir
Metasploit600
Atlassian Confluence SSTI Injection
CVE-2023-22527CRITICALsob ataqueransomware16 jan 2024
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated atta
100RISCO
abrir
Metasploit300
GitLab Password Reset Account Takeover
CVE-2023-7028CRITICALsob ataque11 jan 2024
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISCO
abrir
Metasploit600
Netis router MW5360 unauthenticated RCE.
CVE-2024-22729CRITICAL11 jan 2024
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RISCO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2023-46805HIGHsob ataqueransomware10 jan 2024
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a re
100RISCO
abrir
Metasploit300
Wordpress POST SMTP Account Takeover
CVE-2023-6875CRITICAL10 jan 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
85RISCO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2024-21887CRITICALsob ataqueransomware10 jan 2024
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir
Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
CVE-2023-710224 dez 2023
Remote Code Execution (RCE) Vulnerability
30RISCO
abrir
Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
CVE-2023-7101HIGHsob ataque24 dez 2023
Arbitrary Code Execution (ACE) Vulnerability
71RISCO
abrir
Metasploit600
Cacti RCE via SQLi in pollers.php
CVE-2023-49084HIGH20 dez 2023
Local File Inclusion (RCE) in Cacti
48RISCO
abrir
Metasploit600
Cacti RCE via SQLi in pollers.php
CVE-2023-49085HIGH20 dez 2023
Cacti SQL Injection vulnerability
58RISCO
abrir
Metasploit600
MajorDoMo Command Injection
CVE-2023-5091715 dez 2023
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE:
50RISCO
abrir
Metasploit600
WordPress Backup Migration Plugin PHP Filter Chain RCE
CVE-2023-6553CRITICAL11 dez 2023
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir
Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
CVE-2023-50445HIGH10 dez 2023
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000
36RISCO
abrir
Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
CVE-2023-50919CRITICAL10 dez 2023
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string
75RISCO
abrir
Metasploit600
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
CVE-2023-4220HIGH28 nov 2023
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir
Metasploit600
Splunk Authenticated XSLT Upload RCE
CVE-2023-46214HIGH28 nov 2023
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
58RISCO
abrir
Metasploit300
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
CVE-2023-6329CRITICAL27 nov 2023
Control iD iDSecure passwordCustom Authentication Bypass
75RISCO
abrir
Metasploit600
WordPress Royal Elementor Addons RCE
CVE-2023-536023 nov 2023
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISCO
abrir
anteriorpágina 10 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.