Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
WordPress Loginizer log SQLi Scanner
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_fa
30RISCO
abrir ↗Metasploit600
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir ↗Metasploit600
NSClient++ 0.5.2.35 - Privilege escalation
NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
36RISCO
abrir ↗Metasploit300
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISCO
abrir ↗Metasploit600
Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user
30RISCO
abrir ↗Metasploit600
NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution
NSClient++ Authenticated Remote Code Execution via ExternalScripts API
36RISCO
abrir ↗Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir ↗Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir ↗Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir ↗Metasploit600
Microsoft SharePoint Server-Side Include and ViewState RCE
Microsoft SharePoint Remote Code Execution Vulnerability
58RISCO
abrir ↗Metasploit600
Gitea Git Hooks Remote Code Execution
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer envir
40RISCO
abrir ↗Metasploit600
Gogs Git Hooks Remote Code Execution
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privile
40RISCO
abrir ↗Metasploit300
SAP Solution Manager remote unauthorized OS commands execution
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RISCO
abrir ↗Metasploit300
SAP Solution Manager remote unauthorized OS commands execution
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RISCO
abrir ↗Metasploit600
OpenMediaVault rpc.php Authenticated PHP Code Injection
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield PO
30RISCO
abrir ↗Metasploit600
FlexDotnetCMS Arbitrary ASP File Upload
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and e
40RISCO
abrir ↗Metasploit600
HorizontCMS Arbitrary PHP File Upload
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access
23RISCO
abrir ↗Metasploit600
Micro Focus Operations Bridge Reporter shrboadmin default password
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
23RISCO
abrir ↗Metasploit600
Sophos UTM WebAdmin SID Command Injection
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RISCO
abrir ↗Metasploit600
Apache Struts 2 Forced Multi OGNL Evaluation
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir ↗Metasploit600
Apache Struts 2 Forced Multi OGNL Evaluation
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISCO
abrir ↗Metasploit600
MobileIron MDM Hessian-Based Java Deserialization RCE
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
100RISCO
abrir ↗Metasploit600
Palo Alto Networks Authenticated Remote Code Execution
PAN-OS: OS command injection vulnerability in the management web interface
78RISCO
abrir ↗Metasploit300
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir ↗Metasploit600
MaraCMS Arbitrary PHP File Upload
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authentic
23RISCO
abrir ↗Metasploit300
Jira Users Enumeration
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
60RISCO
abrir ↗Metasploit600
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter i
40RISCO
abrir ↗Metasploit600
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RISCO
abrir ↗Metasploit600
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbe
100RISCO
abrir ↗Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
83RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.