Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit0
Google Chrome 72 and 73 Array.map exploit
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISCO
abrir ↗Metasploit400
Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISCO
abrir ↗Metasploit600
elFinder PHP Connector exiftran Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir ↗Metasploit300
Drupal RESTful Web Services unserialize() RCE
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir ↗Metasploit600
WordPress Crop-image Shell Upload
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISCO
abrir ↗Metasploit600
WordPress Crop-image Shell Upload
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Metasploit300
Total.js prior to 3.2.4 Directory Traversal
index.js in Total.js Platform before 3.2.3 allows path traversal.
40RISCO
abrir ↗Metasploit600
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir ↗Metasploit300
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISCO
abrir ↗Metasploit600
Schneider Electric Pelco Endura NET55XX Encoder
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RISCO
abrir ↗Metasploit300
Cisco RV320/RV326 Configuration Disclosure
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISCO
abrir ↗Metasploit300
Microsoft Exchange Privilege Escalation Exploit
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of
23RISCO
abrir ↗Metasploit600
Webmin Upload Authenticated RCE
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Dow
43RISCO
abrir ↗Metasploit600
BMC Patrol Agent Privilege Escalation Cmd Execution
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for l
38RISCO
abrir ↗Metasploit300
ES File Explorer Open Port
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISCO
abrir ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RISCO
abrir ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
23RISCO
abrir ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
100RISCO
abrir ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RISCO
abrir ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RISCO
abrir ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISCO
abrir ↗Metasploit0
Docker Container Escape Via runC Overwrite
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RISCO
abrir ↗Metasploit600
Mailcleaner Remote Code Execution
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitra
30RISCO
abrir ↗Metasploit600
LibreNMS addhost Command Injection
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISCO
abrir ↗Metasploit600
ThinkPHP Multiple PHP Injection RCEs
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir ↗Metasploit600
ThinkPHP Multiple PHP Injection RCEs
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RISCO
abrir ↗Metasploit600
Cisco Prime Infrastructure Runrshell Privilege Escalation
Cisco Small Business Switches Privileged Access Vulnerability
55RISCO
abrir ↗Metasploit500
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISCO
abrir ↗Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISCO
abrir ↗Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.