Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Soft
50RISCO
abrir ↗Metasploit600
ClipBucket Remote Code Execution
ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
63RISCO
abrir ↗Metasploit600
ibstat $PATH Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, a
38RISCO
abrir ↗Metasploit600
Zabbix 2.0.8 SQL Injection and Remote Code Execution
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
60RISCO
abrir ↗Metasploit600
ZeroShell Remote Code Execution
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell meta
60RISCO
abrir ↗Metasploit600
Cisco Prime Data Center Network Manager Arbitrary File Upload
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager
60RISCO
abrir ↗Metasploit300
MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 throug
100RISCO
abrir ↗Metasploit0
Astium Remote Code Execution
Astium VOIP PBX <= 2.1 SQL Injection File Upload RCE
63RISCO
abrir ↗Metasploit600
F5 iControl Remote Root Command Execution
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5
50RISCO
abrir ↗Metasploit600
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE
36RISCO
abrir ↗Metasploit0
GLPI install.php Remote Command Execution
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installati
38RISCO
abrir ↗Metasploit600
MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote a
68RISCO
abrir ↗Metasploit300
MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (
50RISCO
abrir ↗Metasploit600
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0,
50RISCO
abrir ↗Metasploit600
HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4
60RISCO
abrir ↗Metasploit600
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
60RISCO
abrir ↗Metasploit600
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1
38RISCO
abrir ↗Metasploit600
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not
98RISCO
abrir ↗Metasploit300
HTTP Client LAN IP Address Gather
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client informati
50RISCO
abrir ↗Metasploit600
Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow re
50RISCO
abrir ↗Metasploit600
VMWare Setuid vmware-mount Unsafe popen(3)
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allo
38RISCO
abrir ↗Metasploit300
freeFTPd PASS Command Buffer Overflow
freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow
63RISCO
abrir ↗Metasploit600
Graphite Web Unsafe Pickle Handling
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
50RISCO
abrir ↗Metasploit500
Java storeImageArray() Invalid Array Indexing Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 U
100RISCO
abrir ↗Metasploit300
Adobe Reader ToolButton Use After Free
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitr
100RISCO
abrir ↗Metasploit500
Adobe ColdFusion RDS Authentication Bypass
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and pos
100RISCO
abrir ↗Metasploit300
Adobe Reader ToolButton Use After Free
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitr
100RISCO
abrir ↗Metasploit600
OpenX Backdoor PHP Code Execution
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.