Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Wordpress Plugin Catch Themes Demo Import RCE
Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
48RISCO
abrir ↗Metasploit400
Win32k NtGdiResetDC Use After Free Local Privilege Elevation
Win32k Elevation of Privilege Vulnerability
100RISCO
abrir ↗Metasploit600
WordPress Plugin Pie Register Auth Bypass to RCE
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISCO
abrir ↗Metasploit300
WordPress Plugin Perfect Survey 1.5.1 SQLi (Unauthenticated)
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RISCO
abrir ↗Metasploit600
ManageEngine ADAudit Plus Authenticated File Write RCE
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
40RISCO
abrir ↗Metasploit600
Microsoft Office Word Malicious MSHTML RCE
Microsoft MSHTML Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit0
VMware vCenter vScalation Priv Esc
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
18RISCO
abrir ↗Metasploit600
VMware vCenter Server Analytics (CEIP) Service File Upload
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RISCO
abrir ↗Metasploit600
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISCO
abrir ↗Metasploit300
Wordpress BulletProof Security Backup Disclosure
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RISCO
abrir ↗Metasploit600
ManageEngine ServiceDesk Plus CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RISCO
abrir ↗Metasploit600
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Elevation of Privilege Vulnerability
91RISCO
abrir ↗Metasploit600
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
100RISCO
abrir ↗Metasploit600
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RISCO
abrir ↗Metasploit300
Netgear PNPX_GetShareFolderList Authentication Bypass
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021
33RISCO
abrir ↗Metasploit300
WordPress Plugin Automatic Config Change to RCE
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RISCO
abrir ↗Metasploit600
Atlassian Confluence WebWork OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir ↗Metasploit300
Canon Driver Privilege Escalation
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer pro
18RISCO
abrir ↗Metasploit300
Pi-Hole Top Domains API Authenticated Exec
(Authenticated) Remote Code Execution Possible in Web Interface 5.5
48RISCO
abrir ↗Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RISCO
abrir ↗Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the
30RISCO
abrir ↗Metasploit300
Elasticsearch Memory Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISCO
abrir ↗Metasploit300
Windows SAM secrets leak - HiveNightmare
Windows Elevation of Privilege Vulnerability
98RISCO
abrir ↗Metasploit300
Lexmark Driver Privilege Escalation
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below,
18RISCO
abrir ↗Metasploit600
Nagios XI Autodiscovery Webshell Upload
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post au
23RISCO
abrir ↗Metasploit300
Jetty WEB-INF File Disclosure
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RISCO
abrir ↗Metasploit300
Jetty WEB-INF File Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RISCO
abrir ↗Metasploit600
Geutebruck Multiple Remote Command Execution
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
48RISCO
abrir ↗Metasploit600
Geutebruck Multiple Remote Command Execution
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
48RISCO
abrir ↗Metasploit600
Geutebruck Multiple Remote Command Execution
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
48RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.