Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RISCO
abrir ↗Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RISCO
abrir ↗Metasploit600
Optergy Proton and Enterprise BMS Command Injection using a backdoor
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RISCO
abrir ↗Metasploit300
Microsoft Spooler Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writin
43RISCO
abrir ↗Metasploit600
Microsoft Spooler Local Privilege Elevation Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
41RISCO
abrir ↗Metasploit600
Windows Update Orchestrator unchecked ScheduleWork call
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file oper
30RISCO
abrir ↗Metasploit600
FreeSWITCH Event Socket Command Execution
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
43RISCO
abrir ↗Metasploit0
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RISCO
abrir ↗Metasploit600
Linear eMerge E3-Series Access Controller Command Injection
Linear eMerge E3-Series devices allow Command Injections.
100RISCO
abrir ↗Metasploit600
Apache Solr Remote Code Execution via Velocity Template
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISCO
abrir ↗Metasploit600
rConfig install Command Execution
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISCO
abrir ↗Metasploit400
Nostromo Directory Traversal Remote Command Execution
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISCO
abrir ↗Metasploit300
ThinVNC Directory Traversal
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISCO
abrir ↗Metasploit600
Solaris xscreensaver log Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RISCO
abrir ↗Metasploit600
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir ↗Metasploit300
File Sharing Wizard - POST SEH Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RISCO
abrir ↗Metasploit600
vBulletin widgetConfig RCE
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISCO
abrir ↗Metasploit600
PHPStudy Backdoor Remote Code execution
PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability
63RISCO
abrir ↗Metasploit600
Micro Focus (HPE) Data Protector SUID Privilege Escalation
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RISCO
abrir ↗Metasploit600
Bludit Directory Traversal Image File Upload Vulnerability
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir ↗Metasploit300
Metasploit HTTP(S) handler DoS
Rapid7 Metasploit HTTP Handler Denial of Service
48RISCO
abrir ↗Metasploit600
Plantronics Hub SpokesUpdateService Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RISCO
abrir ↗Metasploit600
Total.js CMS 12 Widget JavaScript Code Injection
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RISCO
abrir ↗Metasploit600
Cisco UCS Director default scpuser password
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISCO
abrir ↗Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RISCO
abrir ↗Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability
48RISCO
abrir ↗Metasploit300
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat
30RISCO
abrir ↗Metasploit600
Webmin password_change.cgi Backdoor
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.