Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir ↗Metasploit0
Snap Creek Duplicator WordPress plugin code injection
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RISCO
abrir ↗Metasploit300
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
91RISCO
abrir ↗Metasploit600
Wordpress Plainview Activity Monitor RCE
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISCO
abrir ↗Metasploit600
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RISCO
abrir ↗Metasploit600
Ghostscript Failed Restore Command Execution
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handlin
60RISCO
abrir ↗Metasploit300
Pimcore Gather Credentials via SQL Injection
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
43RISCO
abrir ↗Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RISCO
abrir ↗Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RISCO
abrir ↗Metasploit300
Windows unmarshal post exploitation
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized
100RISCO
abrir ↗Metasploit600
NUUO NVRmini upgrade_handle.php Remote Command Execution
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RISCO
abrir ↗Metasploit300
cgit Directory Traversal
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned
60RISCO
abrir ↗Metasploit300
Mikrotik Winbox Arbitrary File Read
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISCO
abrir ↗Metasploit600
Network Manager VPNC Username Privilege Escalation
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attac
56RISCO
abrir ↗Metasploit300
Eaton Xpert Meter SSH Private Key Exposure Scanner
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different cus
30RISCO
abrir ↗Metasploit300
Dicoogle PACS Web Server Directory Traversal
Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
36RISCO
abrir ↗Metasploit600
QNAP Q'Center change_passwd Command Execution
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISCO
abrir ↗Metasploit600
QNAP Q'Center change_passwd Command Execution
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISCO
abrir ↗Metasploit600
CMS Made Simple Authenticated RCE via File Upload/Copy
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows a
50RISCO
abrir ↗Metasploit300
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPS
50RISCO
abrir ↗Metasploit300
Wordpress Arbitrary File Deletion
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/
30RISCO
abrir ↗Metasploit600
PRTG Network Monitor Authenticated RCE
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir ↗Metasploit400
phpMyAdmin Authenticated Remote Code Execution
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RISCO
abrir ↗Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
Remote Code Execution in Micro Focus Secure Messaging Gateway
85RISCO
abrir ↗Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway
85RISCO
abrir ↗Metasploit600
Axis Network Camera .srv-to-parhand RCE
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
60RISCO
abrir ↗Metasploit600
Axis Network Camera .srv-to-parhand RCE
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
60RISCO
abrir ↗Metasploit600
Axis Network Camera .srv-to-parhand RCE
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
60RISCO
abrir ↗Metasploit300
Splunk __raw Server Info Disclosure
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json
60RISCO
abrir ↗Metasploit300
Cisco ASA Directory Traversal
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.