Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
WebKitGTK+ WebKitFaviconDatabase DoS
CVE-2018-1164603 jun 2018
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RISCO
abrir
Metasploit600
Quest KACE Systems Management Command Injection
CVE-2018-11138CRITICALsob ataqueransomware31 mai 2018
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by
100RISCO
abrir
Metasploit300
Dolibarr Gather Credentials via SQL Injection
CVE-2018-1009430 mai 2018
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vecto
60RISCO
abrir
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2018-1612MEDIUM28 mai 2018
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and
60RISCO
abrir
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2016-972228 mai 2018
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be r
43RISCO
abrir
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2018-141828 mai 2018
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM
50RISCO
abrir
Metasploit500
VLC Media Player MKV Use After Free
CVE-2018-1152924 mai 2018
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb
50RISCO
abrir
Metasploit600
Windscribe WindscribeService Named Pipe Privilege Escalation
CVE-2018-1147924 mai 2018
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RISCO
abrir
Metasploit300
MimiPenguin
CVE-2018-2078123 mai 2018
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned f
18RISCO
abrir
Metasploit600
DHCP Client Command Injection (DynoRoot)
CVE-2018-1111HIGH15 mai 2018
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RISCO
abrir
Metasploit400
Windows SetImeInfoEx Win32k NULL Pointer Dereference
CVE-2018-8120HIGHsob ataqueransomware09 mai 2018
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISCO
abrir
Metasploit600
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
CVE-2018-889708 mai 2018
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa
43RISCO
abrir
Metasploit300
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
CVE-2018-1058301 mai 2018
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p
60RISCO
abrir
Metasploit600
osCommerce Installer Unauthenticated Code Execution
CVE-2018-25114CRITICAL30 abr 2018
osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
63RISCO
abrir
Metasploit600
GitList v0.6.0 Argument Injection Vulnerability
CVE-2018-100053326 abr 2018
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RISCO
abrir
Metasploit600
Apache Tika Header Command Injection
CVE-2018-133525 abr 2018
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RISCO
abrir
Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
CVE-2018-995820 abr 2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1
50RISCO
abrir
Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
CVE-2018-994820 abr 2018
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RISCO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873317 abr 2018
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RISCO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873517 abr 2018
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISCO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873617 abr 2018
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISCO
abrir
Metasploit0
Oracle Weblogic Server Deserialization RCE
CVE-2018-2628CRITICALsob ataque17 abr 2018
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). S
100RISCO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873417 abr 2018
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RISCO
abrir
Metasploit600
Pi-Hole Whitelist OS Command Execution
CVE-2025-34087CRITICAL15 abr 2018
Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
63RISCO
abrir
Metasploit600
H2 Web Interface Create Alias RCE
CVE-2018-1005409 abr 2018
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can
30RISCO
abrir
Metasploit600
Drupal Drupalgeddon 2 Forms API Property Injection
CVE-2018-7600CRITICALsob ataqueransomware28 mar 2018
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
Metasploit0
Safari Webkit Proxy Object Type Confusion
CVE-2017-1386115 mar 2018
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS be
43RISCO
abrir
Metasploit600
Mac OS X libxpc MITM Privilege Escalation
CVE-2018-423715 mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS b
43RISCO
abrir
Metasploit0
Safari Webkit Proxy Object Type Confusion
CVE-2018-4233HIGH15 mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISCO
abrir
Metasploit0
Safari Proxy Object Type Confusion
CVE-2018-4404HIGH15 mar 2018
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improve
61RISCO
abrir
anteriorpágina 37 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.