Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
TAR Path Traversal in Zimbra (CVE-2022-41352)
CVE-2022-41352CRITICALsob ataque28 jun 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through ama
100RISCO
abrir
Metasploit600
Advantech iView NetworkServlet Command Injection
CVE-2022-2143CRITICAL28 jun 2022
Advantech iView
75RISCO
abrir
Metasploit600
UnRAR Path Traversal in Zimbra (CVE-2022-30333)
CVE-2022-30333HIGHsob ataqueransomware28 jun 2022
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RISCO
abrir
Metasploit600
UnRAR Path Traversal (CVE-2022-30333)
CVE-2022-30333HIGHsob ataqueransomware28 jun 2022
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RISCO
abrir
Metasploit600
Zoho Password Manager Pro XML-RPC Java Deserialization
CVE-2022-35405CRITICALsob ataque24 jun 2022
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code
100RISCO
abrir
Metasploit600
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
CVE-2022-20828MEDIUM22 jun 2022
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
40RISCO
abrir
Metasploit600
Zyxel Firewall SUID Binary Privilege Escalation
CVE-2022-30526HIGH14 jun 2022
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 t
36RISCO
abrir
Metasploit600
Atlassian Confluence Namespace OGNL Injection
CVE-2022-26134CRITICALsob ataqueransomware02 jun 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir
Metasploit600
Microsoft Office Word MSDTJS
CVE-2022-30190HIGHsob ataqueransomware29 mai 2022
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit300
SuiteCRM authenticated SQL injection in export functionality
CVE-2023-5350MEDIUM24 mai 2022
SQL Injection in salesagility/suitecrm
28RISCO
abrir
Metasploit600
Gitea Git Fetch Remote Code Execution
CVE-2022-3078116 mai 2022
Gitea before 1.16.7 does not escape git fetch remote.
60RISCO
abrir
Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
CVE-2022-37042CRITICALsob ataqueransomware10 mai 2022
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi
100RISCO
abrir
Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
CVE-2022-27925HIGHsob ataqueransomware10 mai 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts file
100RISCO
abrir
Metasploit300
Icingaweb Directory Traversal in Static Library File Requests
CVE-2022-24716HIGH09 mai 2022
Path traversal in Icinga Web 2
78RISCO
abrir
Metasploit600
F5 BIG-IP iControl RCE via REST Authentication Bypass
CVE-2022-1388CRITICALsob ataqueransomware04 mai 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
100RISCO
abrir
Metasploit600
DotCMS RCE via Arbitrary File Upload.
CVE-2022-26352CRITICALsob ataqueransomware03 mai 2022
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form req
100RISCO
abrir
Metasploit600
Zyxel Firewall ZTP Unauthenticated Command Injection
CVE-2022-30525CRITICALsob ataque28 abr 2022
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
100RISCO
abrir
Metasploit600
ZoneMinder Language Settings Remote Code Execution
CVE-2022-2980627 abr 2022
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an
30RISCO
abrir
Metasploit600
Tatsu Wordpress Plugin RCE
CVE-2021-2509425 abr 2022
Tatsu < 3.3.12 - Unauthenticated RCE
60RISCO
abrir
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34878MEDIUM19 abr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.
28RISCO
abrir
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34877MEDIUM19 abr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.
28RISCO
abrir
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34876MEDIUM19 abr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerability at /vicidial/admin.php.
28RISCO
abrir
Metasploit300
VMware vCenter Secrets Dump
CVE-2022-22948MEDIUMsob ataque15 abr 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious act
83RISCO
abrir
Metasploit600
ManageEngine ADSelfService Plus Custom Script Execution
CVE-2022-28810MEDIUMsob ataque09 abr 2022
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary
100RISCO
abrir
Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
CVE-2022-2295606 abr 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
30RISCO
abrir
Metasploit600
VMware Workspace ONE Access CVE-2022-22954
CVE-2022-22954CRITICALsob ataqueransomware06 abr 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
100RISCO
abrir
Metasploit400
VMware Workspace ONE Access CVE-2022-22960
CVE-2022-22960HIGHsob ataque06 abr 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RISCO
abrir
Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
CVE-2022-2295706 abr 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
23RISCO
abrir
Metasploit600
Dompdf RCE via Malicious Font Caching (CVE-2022-28368)
CVE-2022-2836805 abr 2022
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RISCO
abrir
Metasploit400
ALLMediaServer 1.6 SEH Buffer Overflow
CVE-2022-2838101 abr 2022
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrar
30RISCO
abrir
anteriorpágina 17 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.