Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
NetAlertX File Read Vulnerability
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and
48RISCO
abrir ↗Metasploit600
Cacti Graph Template authenticated RCE versions prior to 1.2.29
Cacti allows Arbitrary File Creation leading to RCE
48RISCO
abrir ↗Metasploit600
GestioIP 3.5.7 Remote Command Execution
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RISCO
abrir ↗Metasploit300
Car Rental System 1.0 File Upload RCE (Authenticated)
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types a
28RISCO
abrir ↗Metasploit300
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl
100RISCO
abrir ↗Metasploit600
Remote Code Execution Vulnerability in Vvveb
givanz Vvveb Code Editor code.php save code injection
28RISCO
abrir ↗Metasploit600
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through
60RISCO
abrir ↗Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
Clinics Patient Management System SQL Injection
43RISCO
abrir ↗Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
SourceCodester Clinics Patient Management System unrestricted upload
28RISCO
abrir ↗Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
23RISCO
abrir ↗Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
41RISCO
abrir ↗Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
36RISCO
abrir ↗Metasploit600
Windows Cloud File Mini Filer Driver Heap Overflow
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RISCO
abrir ↗Metasploit600
Craft CMS Twig Template Injection RCE via FTP Templates Path
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RISCO
abrir ↗Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RISCO
abrir ↗Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
95RISCO
abrir ↗Metasploit600
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_
36RISCO
abrir ↗Metasploit600
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote com
55RISCO
abrir ↗Metasploit600
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can impo
95RISCO
abrir ↗Metasploit300
LINQPad Deserialization
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(
36RISCO
abrir ↗Metasploit600
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Command Injection leading to RCE via LDAP Misconfiguration
50RISCO
abrir ↗Metasploit600
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
mySCADA myPRO OS Command Injection
55RISCO
abrir ↗Metasploit500
Ubuntu needrestart Privilege Escalation
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tric
41RISCO
abrir ↗Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
100RISCO
abrir ↗Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
100RISCO
abrir ↗Metasploit600
LibreNMS Authenticated RCE (CVE-2024-51092)
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutContr
43RISCO
abrir ↗Metasploit600
WordPress WP Time Capsule Arbitrary File Upload to RCE
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RISCO
abrir ↗Metasploit600
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RISCO
abrir ↗Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir ↗Metasploit600
Prison Management System 1.0 Authenticated RCE via Unrestricted File Upload
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the f
36RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.