Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Camaleon CMS Directory Traversal CVE-2024-46987
CVE-2024-46987HIGH08 ago 2024
Arbitrary path traversal in Camaleon CMS
61RISCO
abrir
Metasploit500
Asterisk AMI Originate Authenticated RCE
CVE-2024-42365HIGH08 ago 2024
Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
36RISCO
abrir
Metasploit300
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
CVE-2024-7593CRITICALsob ataque05 ago 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remo
100RISCO
abrir
Metasploit600
Calibre Python Code Injection (CVE-2024-6782)
CVE-2024-6782CRITICAL31 jul 2024
Calibre Remote Code Execution
85RISCO
abrir
Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
CVE-2024-2961HIGH26 jul 2024
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RISCO
abrir
Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
CVE-2024-34102CRITICALsob ataque26 jul 2024
XXE can expose crypt key and other secrets granting full admin access
100RISCO
abrir
Metasploit600
Acronis Cyber Infrastructure default password remote code execution
CVE-2023-45249CRITICALsob ataque24 jul 2024
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastruct
85RISCO
abrir
Metasploit300
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
CVE-2024-20419CRITICAL20 jul 2024
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RISCO
abrir
Metasploit600
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
CVE-2024-11680CRITICALsob ataque19 jul 2024
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir
Metasploit600
Authenticated RCE in Splunk (splunk_archiver app)
CVE-2024-36985HIGH01 jul 2024
Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
36RISCO
abrir
Metasploit600
Geoserver unauthenticated Remote Code Execution
CVE-2024-36401CRITICALsob ataque01 jul 2024
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir
Metasploit300
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
CVE-2024-5806CRITICAL25 jun 2024
MOVEit Transfer Authentication Bypass Vulnerability
85RISCO
abrir
Metasploit300
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
CVE-2024-5276CRITICAL25 jun 2024
SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)
65RISCO
abrir
Metasploit500
vCenter Sudo Privilege Escalation
CVE-2024-37081HIGH18 jun 2024
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An auth
36RISCO
abrir
Metasploit300
Magento XXE Unserialize Arbitrary File Read
CVE-2024-34102CRITICALsob ataque11 jun 2024
XXE can expose crypt key and other secrets granting full admin access
100RISCO
abrir
Metasploit600
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
CVE-2024-30038HIGH11 jun 2024
Win32k Elevation of Privilege Vulnerability
36RISCO
abrir
Metasploit600
Windows Access Mode Mismatch LPE in ks.sys
CVE-2024-35250HIGHsob ataque11 jun 2024
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RISCO
abrir
Metasploit600
PHP CGI Argument Injection Remote Code Execution
CVE-2024-4577CRITICALsob ataqueransomware06 jun 2024
Argument Injection in PHP-CGI
100RISCO
abrir
Metasploit300
Telerik Report Server Auth Bypass
CVE-2024-4358CRITICALsob ataque04 jun 2024
Registration Authentication Bypass Vulnerability
100RISCO
abrir
Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
CVE-2024-4358CRITICALsob ataque04 jun 2024
Registration Authentication Bypass Vulnerability
100RISCO
abrir
Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
CVE-2024-1800CRITICAL04 jun 2024
Progress Telerik Report Server Deserialization
55RISCO
abrir
Metasploit0
macOS PackageKit ZSH Environment Privilege Escalation
CVE-2024-27822HIGH03 jun 2024
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to
36RISCO
abrir
Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
CVE-2024-32113CRITICALsob ataque30 mai 2024
Apache OFBiz: Path traversal leading to RCE
100RISCO
abrir
Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
CVE-2024-38856HIGHsob ataque30 mai 2024
Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
100RISCO
abrir
Metasploit600
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
CVE-2024-23692CRITICALsob ataque25 mai 2024
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISCO
abrir
Metasploit300
Ivanti EPM RecordGoodApp SQLi RCE
CVE-2024-29824CRITICALsob ataque24 mai 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated att
100RISCO
abrir
Metasploit600
WordPress Hash Form Plugin RCE
CVE-2024-5084CRITICAL23 mai 2024
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
75RISCO
abrir
Metasploit600
Atlassian Confluence Administrator Code Macro Remote Code Execution
CVE-2024-21683HIGH21 mai 2024
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISCO
abrir
Metasploit600
Cacti Import Packages RCE
CVE-2024-25641CRITICAL12 mai 2024
Cacti RCE vulnerability when importing packages
85RISCO
abrir
Metasploit600
DIAEnergie SQL Injection (CVE-2024-4548)
CVE-2024-4548CRITICAL06 mai 2024
Delta Electronics DIAEnergie SQL Injection
48RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.