Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Langflow AI RCE
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir ↗Metasploit600
BentoML's runner server RCE
Insecure Deserialization leads to RCE in BentoML's runner server
75RISCO
abrir ↗Metasploit600
BentoML RCE
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
75RISCO
abrir ↗Metasploit500
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7
100RISCO
abrir ↗Metasploit600
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
75RISCO
abrir ↗Metasploit300
Gladinet CentreStack/Triofox Path Traversal
Gladinet CentreStack and TrioFox Local File Inclusion Flaw
100RISCO
abrir ↗Metasploit600
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the
100RISCO
abrir ↗Metasploit600
Appsmith RCE
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image lea
43RISCO
abrir ↗Metasploit600
WP User Registration and Membership Unauthenticated Privilege Escalation (CVE-2025-2563)
User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
68RISCO
abrir ↗Metasploit300
Next.js Middleware Authorization Bypass Scanner
Authorization Bypass in Next.js Middleware
85RISCO
abrir ↗Metasploit600
ICTBroadcast Unauthenticated Remote Code Execution
ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE
63RISCO
abrir ↗Metasploit600
Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin
QuickShell Authenticated Command Injection
48RISCO
abrir ↗Metasploit600
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
75RISCO
abrir ↗Metasploit600
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
78RISCO
abrir ↗Metasploit300
Sante PACS Server Path Traversal (CVE-2025-2264)
Santesoft Sante PACS Server Path Traversal Information Disclosure
48RISCO
abrir ↗Metasploit300
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RISCO
abrir ↗Metasploit600
Tomcat Partial PUT Java Deserialization
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISCO
abrir ↗Metasploit300
Xorcom CompletePBX Authenticated File Disclosure via Backup Download
Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
28RISCO
abrir ↗Metasploit600
Xorcom CompletePBX Authenticated Command Injection via Task Scheduler
Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
36RISCO
abrir ↗Metasploit300
Xorcom CompletePBX Arbitrary File Read and Deletion via systemDataFileName
Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
36RISCO
abrir ↗Metasploit600
Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893)
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗Metasploit600
SPIP Saisies Plugin Unauthenticated RCE
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RISCO
abrir ↗Metasploit300
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
mySCADA myPRO Manager Missing Authentication for Critical Function
43RISCO
abrir ↗Metasploit300
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
mySCADA myPRO Manager Cleartext Storage of Sensitive Information
43RISCO
abrir ↗Metasploit300
Audiobookshelf Unauthenticated API Authentication Bypass Scanner
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
36RISCO
abrir ↗Metasploit600
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Remote code execution in Wazuh server
100RISCO
abrir ↗Metasploit600
InvokeAI RCE
Remote Code Execution via Model Deserialization in invoke-ai/invokeai
63RISCO
abrir ↗Metasploit600
Unauthenticated RCE in NetAlertX
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because fun
75RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.