Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.002exploits catalogados
31.582CVEs com exploração pública
3.462 exploits
Metasploit600
MajorDoMo Remote Command Injection via cycle_execs Race Condition
CVE-2026-27175CRITICAL18 fev 2026
MajorDoMo Command Injection in rc/index.php via Race Condition
43RISCO
abrir
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2026-1731CRITICALsob ataqueransomware06 fev 2026
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
100RISCO
abrir
Metasploit600
Tactical RMM Jinja2 SSTI Remote Code Execution
CVE-2025-69516HIGH29 jan 2026
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactica
36RISCO
abrir
Metasploit600
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
CVE-2026-1340CRITICALsob ataque29 jan 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISCO
abrir
Metasploit600
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
CVE-2026-1281CRITICALsob ataque29 jan 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISCO
abrir
Metasploit500
SolarWinds Web Help Desk unauthenticated RCE
CVE-2025-40551CRITICALsob ataque28 jan 2026
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
95RISCO
abrir
Metasploit500
SolarWinds Web Help Desk unauthenticated RCE
CVE-2025-40536HIGHsob ataque28 jan 2026
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RISCO
abrir
Metasploit500
HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE
CVE-2026-24479CRITICAL26 jan 2026
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
63RISCO
abrir
Metasploit500
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
CVE-2026-24061CRITICALsob ataque26 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
Metasploit300
osTicket Arbitrary File Read via PHP Filter Chains in mPDF
CVE-2026-22200HIGH13 jan 2026
osTicket (1.18.x < 1.18.3, 1.17.x < 1.17.7) PDF Export Arbitrary File Read
58RISCO
abrir
Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
CVE-2025-34442MEDIUM19 dez 2025
AVideo < 20.1 System Path Disclosure via Public API
28RISCO
abrir
Metasploit300
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
CVE-2025-14847HIGHsob ataque19 dez 2025
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
CVE-2025-34441MEDIUM19 dez 2025
AVideo < 20.1 User Information Disclosure via Public API
28RISCO
abrir
Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
CVE-2025-34433CRITICAL19 dez 2025
AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
63RISCO
abrir
Metasploit300
ChurchCRM Database Restore RCE 6.2.0
CVE-2025-68109CRITICAL17 dez 2025
ChurchCRM vulnerable to RCE with database restore functionality
43RISCO
abrir
Metasploit600
ChurchCRM Unauthenticated RCE via Setup Page
CVE-2025-62521CRITICAL17 dez 2025
ChurchCRM has unauthenticated RCE in its Install Wizard
43RISCO
abrir
Metasploit600
FreeBSD rtsold/rtsol DNSSL Command Injection
CVE-2025-14558HIGH16 dez 2025
Remote code execution via ND6 Router Advertisements
56RISCO
abrir
Metasploit600
HPE OneView unauthenticated RCE
CVE-2025-37164CRITICALsob ataque16 dez 2025
A remote code execution issue exists in HPE OneView.
100RISCO
abrir
Metasploit600
Control Web Panel /admin/index.php Unauthenticated RCE
CVE-2025-67888HIGH16 dez 2025
An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /
56RISCO
abrir
Metasploit600
FreePBX firmware file upload
CVE-2025-66039CRITICAL11 dez 2025
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISCO
abrir
Metasploit600
FreePBX endpoint SQLi to RCE
CVE-2025-61675HIGH11 dez 2025
FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
48RISCO
abrir
Metasploit300
FreePBX Custom Extension SQL Injection
CVE-2025-61675HIGH11 dez 2025
FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
48RISCO
abrir
Metasploit300
FreePBX Custom Extension SQL Injection
CVE-2025-66039CRITICAL11 dez 2025
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISCO
abrir
Metasploit600
FreePBX endpoint SQLi to RCE
CVE-2025-66039CRITICAL11 dez 2025
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISCO
abrir
Metasploit600
FreePBX firmware file upload
CVE-2025-61678HIGH11 dez 2025
FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter
48RISCO
abrir
Metasploit300
Gladinet CentreStack/Triofox Access Ticket Forge
CVE-2025-14611HIGHsob ataque10 dez 2025
Gladinet CentreStack and TrioFox Hard Coded AES Keys
98RISCO
abrir
Metasploit600
Unauthenticated RCE in React Server Components (React2Shell)
CVE-2025-6647803 dez 2025
15RISCO
abrir
Metasploit600
Unauthenticated RCE in React Server Components (React2Shell)
CVE-2025-55182CRITICALsob ataqueransomware03 dez 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
Metasploit600
WordPress ACF Extended Unauthenticated RCE via prepare_form()
CVE-2025-13486CRITICAL02 dez 2025
Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form
85RISCO
abrir
Metasploit600
Eclipse Che machine-exec Unauthenticated RCE
CVE-2025-12548CRITICAL01 dez 2025
Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333
43RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.