Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Wordpress Plugin Catch Themes Demo Import RCE
CVE-2021-39352HIGH21 out 2021
Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
48RISCO
abrir
Metasploit400
Win32k NtGdiResetDC Use After Free Local Privilege Elevation
CVE-2021-40449HIGHsob ataqueransomware12 out 2021
Win32k Elevation of Privilege Vulnerability
100RISCO
abrir
Metasploit600
WordPress Plugin Pie Register Auth Bypass to RCE
CVE-2025-34077CRITICAL08 out 2021
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISCO
abrir
Metasploit300
WordPress Plugin Perfect Survey 1.5.1 SQLi (Unauthenticated)
CVE-2021-2476205 out 2021
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RISCO
abrir
Metasploit600
ManageEngine ADAudit Plus Authenticated File Write RCE
CVE-2021-4284701 out 2021
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
40RISCO
abrir
Metasploit600
Microsoft Office Word Malicious MSHTML RCE
CVE-2021-40444HIGHsob ataqueransomware23 set 2021
Microsoft MSHTML Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit0
VMware vCenter vScalation Priv Esc
CVE-2021-2201521 set 2021
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
18RISCO
abrir
Metasploit600
VMware vCenter Server Analytics (CEIP) Service File Upload
CVE-2021-22005CRITICALsob ataqueransomware21 set 2021
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RISCO
abrir
Metasploit600
Hikvision IP Camera Unauthenticated Command Injection
CVE-2021-36260CRITICALsob ataque18 set 2021
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISCO
abrir
Metasploit300
Wordpress BulletProof Security Backup Disclosure
CVE-2021-39327MEDIUM17 set 2021
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RISCO
abrir
Metasploit600
ManageEngine ServiceDesk Plus CVE-2021-44077
CVE-2021-44077CRITICALsob ataque16 set 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RISCO
abrir
Metasploit600
Microsoft OMI Management Interface Authentication Bypass
CVE-2021-38648HIGHsob ataque14 set 2021
Open Management Infrastructure Elevation of Privilege Vulnerability
91RISCO
abrir
Metasploit600
Microsoft OMI Management Interface Authentication Bypass
CVE-2021-38647CRITICALsob ataqueransomware14 set 2021
Open Management Infrastructure Remote Code Execution Vulnerability
100RISCO
abrir
Metasploit600
ManageEngine ADSelfService Plus CVE-2021-40539
CVE-2021-40539CRITICALsob ataqueransomware07 set 2021
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RISCO
abrir
Metasploit300
Netgear PNPX_GetShareFolderList Authentication Bypass
CVE-2021-45511MEDIUM06 set 2021
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021
33RISCO
abrir
Metasploit300
WordPress Plugin Automatic Config Change to RCE
CVE-2021-4374CRITICAL06 set 2021
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RISCO
abrir
Metasploit600
Atlassian Confluence WebWork OGNL Injection
CVE-2021-26084CRITICALsob ataqueransomware25 ago 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir
Metasploit300
Canon Driver Privilege Escalation
CVE-2021-3808507 ago 2021
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer pro
18RISCO
abrir
Metasploit300
Pi-Hole Top Domains API Authenticated Exec
CVE-2021-32706HIGH04 ago 2021
(Authenticated) Remote Code Execution Possible in Web Interface 5.5
48RISCO
abrir
Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
CVE-2020-2865326 jul 2021
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RISCO
abrir
Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
CVE-2021-328726 jul 2021
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the
30RISCO
abrir
Metasploit300
Elasticsearch Memory Disclosure
CVE-2021-2214521 jul 2021
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISCO
abrir
Metasploit300
Windows SAM secrets leak - HiveNightmare
CVE-2021-36934HIGHsob ataque20 jul 2021
Windows Elevation of Privilege Vulnerability
98RISCO
abrir
Metasploit300
Lexmark Driver Privilege Escalation
CVE-2021-3544915 jul 2021
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below,
18RISCO
abrir
Metasploit600
Nagios XI Autodiscovery Webshell Upload
CVE-2021-3734315 jul 2021
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post au
23RISCO
abrir
Metasploit300
Jetty WEB-INF File Disclosure
CVE-2021-34429MEDIUM15 jul 2021
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RISCO
abrir
Metasploit300
Jetty WEB-INF File Disclosure
CVE-2021-28164MEDIUM15 jul 2021
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RISCO
abrir
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33548HIGH08 jul 2021
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
48RISCO
abrir
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33551HIGH08 jul 2021
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
48RISCO
abrir
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33553HIGH08 jul 2021
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
48RISCO
abrir
anteriorpágina 20 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.