Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit0
Safari Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISCO
abrir ↗Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
23RISCO
abrir ↗Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
50RISCO
abrir ↗Metasploit600
Unitrends Enterprise Backup bpserverd Privilege Escalation
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISCO
abrir ↗Metasploit300
Flexense HTTP Server Denial Of Service
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISCO
abrir ↗Metasploit300
HTTP SickRage Password Leak
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
60RISCO
abrir ↗Metasploit600
ManageEngine Applications Manager Remote Code Execution
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The pu
60RISCO
abrir ↗Metasploit600
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter
23RISCO
abrir ↗Metasploit300
Memcached Stats Amplification Scanner
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln
60RISCO
abrir ↗Metasploit600
Nanopool Claymore Dual Miner APIs RCE
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner
60RISCO
abrir ↗Metasploit300
Claymore Dual GPU Miner Format String dos attack
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format strin
50RISCO
abrir ↗Metasploit0
Exodus Wallet (ElectronJS Framework) remote Code Execution
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the pro
60RISCO
abrir ↗Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISCO
abrir ↗Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, pro
60RISCO
abrir ↗Metasploit500
CloudMe Sync v1.10.9
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RISCO
abrir ↗Metasploit300
glibc 'realpath()' Privilege Escalation
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th
43RISCO
abrir ↗Metasploit300
GitStack Unauthenticated REST API Requests
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISCO
abrir ↗Metasploit500
GitStack Unsanitized Argument RCE
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISCO
abrir ↗Metasploit600
Monstra CMS Authenticated Arbitrary File Upload
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for exa
30RISCO
abrir ↗Metasploit600
Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7)
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RISCO
abrir ↗Metasploit600
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISCO
abrir ↗Metasploit600
Linksys WVBR0-25 User-Agent Command Execution
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authe
60RISCO
abrir ↗Metasploit600
Apache Spark Unauthenticated Command Execution
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the su
50RISCO
abrir ↗Metasploit400
Commvault Communications Service (cvd) Command Injection
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain mess
30RISCO
abrir ↗Metasploit600
Palo Alto Networks readSessionVarsFromFile() Session Corruption
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RISCO
abrir ↗Metasploit600
Mac OS X Root Privilege Escalation
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The is
50RISCO
abrir ↗Metasploit300
Clickjacking Vulnerability In CSRF Error Page pfSense
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged e
30RISCO
abrir ↗Metasploit0
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RISCO
abrir ↗Metasploit500
Dup Scout Enterprise Login Buffer Overflow
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RISCO
abrir ↗Metasploit500
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.