Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Camaleon CMS Directory Traversal CVE-2024-46987
Arbitrary path traversal in Camaleon CMS
61RISCO
abrir ↗Metasploit500
Asterisk AMI Originate Authenticated RCE
Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
36RISCO
abrir ↗Metasploit300
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remo
100RISCO
abrir ↗Metasploit600
Calibre Python Code Injection (CVE-2024-6782)
Calibre Remote Code Execution
85RISCO
abrir ↗Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RISCO
abrir ↗Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
XXE can expose crypt key and other secrets granting full admin access
100RISCO
abrir ↗Metasploit600
Acronis Cyber Infrastructure default password remote code execution
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastruct
85RISCO
abrir ↗Metasploit300
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RISCO
abrir ↗Metasploit600
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir ↗Metasploit600
Authenticated RCE in Splunk (splunk_archiver app)
Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
36RISCO
abrir ↗Metasploit600
Geoserver unauthenticated Remote Code Execution
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir ↗Metasploit300
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
MOVEit Transfer Authentication Bypass Vulnerability
85RISCO
abrir ↗Metasploit300
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)
65RISCO
abrir ↗Metasploit500
vCenter Sudo Privilege Escalation
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An auth
36RISCO
abrir ↗Metasploit300
Magento XXE Unserialize Arbitrary File Read
XXE can expose crypt key and other secrets granting full admin access
100RISCO
abrir ↗Metasploit600
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
Win32k Elevation of Privilege Vulnerability
36RISCO
abrir ↗Metasploit600
Windows Access Mode Mismatch LPE in ks.sys
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RISCO
abrir ↗Metasploit600
PHP CGI Argument Injection Remote Code Execution
Argument Injection in PHP-CGI
100RISCO
abrir ↗Metasploit300
Telerik Report Server Auth Bypass
Registration Authentication Bypass Vulnerability
100RISCO
abrir ↗Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
Registration Authentication Bypass Vulnerability
100RISCO
abrir ↗Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
Progress Telerik Report Server Deserialization
55RISCO
abrir ↗Metasploit0
macOS PackageKit ZSH Environment Privilege Escalation
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to
36RISCO
abrir ↗Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
Apache OFBiz: Path traversal leading to RCE
100RISCO
abrir ↗Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
100RISCO
abrir ↗Metasploit600
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISCO
abrir ↗Metasploit300
Ivanti EPM RecordGoodApp SQLi RCE
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated att
100RISCO
abrir ↗Metasploit600
WordPress Hash Form Plugin RCE
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
75RISCO
abrir ↗Metasploit600
Atlassian Confluence Administrator Code Macro Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISCO
abrir ↗Metasploit600
DIAEnergie SQL Injection (CVE-2024-4548)
Delta Electronics DIAEnergie SQL Injection
48RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.