Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
ownCloud Phpinfo Reader
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies
100RISCO
abrir ↗Metasploit600
Ray Agent Job RCE
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the ve
85RISCO
abrir ↗Metasploit600
Ray cpu_profile command injection
Ray Command Injection in cpu_profile Parameter
85RISCO
abrir ↗Metasploit300
WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
40RISCO
abrir ↗Metasploit600
GitLens Git Local Configuration Exec
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Vis
18RISCO
abrir ↗Metasploit600
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code
60RISCO
abrir ↗Metasploit600
Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authoriz
100RISCO
abrir ↗Metasploit600
Apache ActiveMQ Unauthenticated Remote Code Execution
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISCO
abrir ↗Metasploit600
Vinchin Backup and Recovery Command Injection
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability
68RISCO
abrir ↗Metasploit600
F5 BIG-IP TMUI AJP Smuggling RCE
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RISCO
abrir ↗Metasploit600
Vinchin Backup and Recovery Command Injection
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
18RISCO
abrir ↗Metasploit300
Citrix ADC (NetScaler) Bleed Scanner
Unauthenticated sensitive information disclosure
100RISCO
abrir ↗Metasploit600
Mirth Connect Deserialization RCE
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir ↗Metasploit600
Mirth Connect Deserialization RCE
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary com
40RISCO
abrir ↗Metasploit600
ISPConfig language_edit.php PHP Code Injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by
41RISCO
abrir ↗Metasploit300
Cisco IOX XE unauthenticated OS command execution
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject c
100RISCO
abrir ↗Metasploit600
Cisco IOX XE Unauthenticated RCE Chain
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject c
100RISCO
abrir ↗Metasploit300
Cisco IOX XE unauthenticated Command Line Interface (CLI) execution
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISCO
abrir ↗Metasploit600
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISCO
abrir ↗Metasploit300
Cisco IOX XE unauthenticated OS command execution
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISCO
abrir ↗Metasploit600
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISCO
abrir ↗Metasploit300
Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISCO
abrir ↗Metasploit600
PyTorch Model Server Registration and Deserialization RCE
Remote Code execution in SnakeYAML
58RISCO
abrir ↗Metasploit600
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir ↗Metasploit600
PyTorch Model Server Registration and Deserialization RCE
TorchServe Server-Side Request Forgery
75RISCO
abrir ↗Metasploit600
Progress Software WS_FTP Unauthenticated Remote Code Execution
WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
100RISCO
abrir ↗Metasploit600
Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the
78RISCO
abrir ↗Metasploit600
JetBrains TeamCity Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RISCO
abrir ↗Metasploit600
Craft CMS unauthenticated Remote Code Execution (RCE)
Craft CMS Remote Code Execution vulnerability
85RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.