Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.107VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RISCO
abrir ↗Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary co
85RISCO
abrir ↗Metasploit300
IBM Data Risk Manager Arbitrary File Download
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RISCO
abrir ↗Metasploit300
IBM Data Risk Manager Arbitrary File Download
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RISCO
abrir ↗Metasploit0
Kibana Upgrade Assistant Telemetry Collector Prototype Pollution
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authen
23RISCO
abrir ↗Metasploit300
SpamTitan Unauthenticated RCE
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RISCO
abrir ↗Metasploit600
Cisco UCS Director Cloupia Script RCE
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
85RISCO
abrir ↗Metasploit600
Cisco UCS Director Cloupia Script RCE
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
75RISCO
abrir ↗Metasploit300
Veeam ONE Agent .NET Deserialization
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
85RISCO
abrir ↗Metasploit300
Veeam ONE Agent .NET Deserialization
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
75RISCO
abrir ↗Metasploit300
Zen Load Balancer Directory Traversal
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attac
18RISCO
abrir ↗Metasploit300
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir ↗Metasploit300
VMware vCenter Server vmdir Authentication Bypass
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir ↗Metasploit300
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relati
23RISCO
abrir ↗Metasploit300
LimeSurvey Zip Path Traversals
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM
60RISCO
abrir ↗Metasploit600
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
100RISCO
abrir ↗Metasploit300
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an atta
18RISCO
abrir ↗Metasploit300
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpo
23RISCO
abrir ↗Metasploit400
Pi-Hole DHCP MAC OS Command Execution
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l
100RISCO
abrir ↗Metasploit600
GitLab File Read Remote Code Execution
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
30RISCO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Arch
68RISCO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the sl
40RISCO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer
61RISCO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware
48RISCO
abrir ↗Metasploit600
Grandstream UCM62xx IP PBX sendPasswordEmail RCE
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir ↗Metasploit600
macOS cfprefsd Arbitrary File Write Local Privilege Escalation
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Cata
18RISCO
abrir ↗Metasploit0
Safari in Operator Side Effect Exploit
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may ca
18RISCO
abrir ↗Metasploit0
Safari in Operator Side Effect Exploit
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, wa
40RISCO
abrir ↗Metasploit0
Safari in Operator Side Effect Exploit
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able
18RISCO
abrir ↗Metasploit600
Vesta Control Panel Authenticated Remote Code Execution
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint.
40RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.