Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Ollama Model Registry Path Traversal RCE
CVE-2024-37032HIGH05 mai 2024
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISCO
abrir
Metasploit600
Flowmon Unauthenticated Command Injection
CVE-2024-2389CRITICAL23 abr 2024
Flowmon Unauthenticated Command Injection Vulnerability
85RISCO
abrir
Metasploit600
Apache HugeGraph Gremlin RCE
CVE-2024-27348CRITICALsob ataque22 abr 2024
Apache HugeGraph-Server: Command execution in gremlin
100RISCO
abrir
Metasploit600
FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE
CVE-2023-48788CRITICALsob ataqueransomware21 abr 2024
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS versio
100RISCO
abrir
Metasploit600
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
CVE-2024-3400CRITICALsob ataqueransomware12 abr 2024
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir
Metasploit300
Netdata ndsudo privilege escalation
CVE-2024-32019HIGH12 abr 2024
ndsudo: local privilege escalation via untrusted search path
36RISCO
abrir
Metasploit600
Chaos RAT XSS to RCE
CVE-2024-3085010 abr 2024
15RISCO
abrir
Metasploit600
Chaos RAT XSS to RCE
CVE-2024-31839MEDIUM10 abr 2024
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via th
28RISCO
abrir
Metasploit600
AVideo WWBNIndex Plugin Unauthenticated RCE
CVE-2024-31819CRITICAL09 abr 2024
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath
68RISCO
abrir
Metasploit600
pgAdmin Binary Path API RCE
CVE-2024-3116HIGH28 mar 2024
Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
48RISCO
abrir
Metasploit600
Kemp LoadMaster Local sudo privilege escalation
CVE-2024-1212CRITICALsob ataque19 mar 2024
LoadMaster Pre-Authenticated OS Command Injection
100RISCO
abrir
Metasploit600
Kemp LoadMaster Unauthenticated Command Injection
CVE-2024-1212CRITICALsob ataque19 mar 2024
LoadMaster Pre-Authenticated OS Command Injection
100RISCO
abrir
Metasploit600
Progress Flowmon Local sudo privilege escalation
CVE-2024-2389CRITICAL19 mar 2024
Flowmon Unauthenticated Command Injection Vulnerability
85RISCO
abrir
Metasploit600
Gibbon School Platform Authenticated PHP Deserialization Vulnerability
CVE-2024-24725HIGH18 mar 2024
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POS
48RISCO
abrir
Metasploit600
RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.
CVE-2024-24578CRITICAL16 mar 2024
RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload
43RISCO
abrir
Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
CVE-2024-28254HIGH15 mar 2024
SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
48RISCO
abrir
Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
CVE-2024-28255CRITICAL15 mar 2024
Authentication Bypass in OpenMetadata
85RISCO
abrir
Metasploit600
Ghostscript Command Execution via Format String
CVE-2024-29510MEDIUM14 mar 2024
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with
33RISCO
abrir
Metasploit600
WordPress wp-automatic Plugin SQLi Admin Creation
CVE-2024-27956CRITICAL13 mar 2024
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
85RISCO
abrir
Metasploit300
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
CVE-2024-20767HIGHsob ataque12 mar 2024
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir
Metasploit600
NorthStar C2 XSS to Agent RCE
CVE-2024-28741HIGH12 mar 2024
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code
58RISCO
abrir
Metasploit600
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
CVE-2024-2054CRITICAL05 mar 2024
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
85RISCO
abrir
Metasploit600
JetBrains TeamCity Unauthenticated Remote Code Execution
CVE-2024-27198CRITICALsob ataqueransomware04 mar 2024
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
Metasploit600
Judge0 sandbox escape
CVE-2024-28189CRITICAL04 mar 2024
Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
43RISCO
abrir
Metasploit600
Judge0 sandbox escape
CVE-2024-28185CRITICAL04 mar 2024
Judge0 vulnerable to Sandbox Escape via Symbolic Link
43RISCO
abrir
Metasploit600
pgAdmin Session Deserialization RCE
CVE-2024-2044CRITICAL04 mar 2024
Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4
65RISCO
abrir
Metasploit600
Apache Solr Backup/Restore APIs RCE
CVE-2023-50386HIGH24 fev 2024
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
58RISCO
abrir
Metasploit600
Unauthenticated RCE in Bricks Builder Theme
CVE-2024-25600CRITICAL19 fev 2024
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISCO
abrir
Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
CVE-2024-1708HIGHsob ataqueransomware19 fev 2024
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RISCO
abrir
Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
CVE-2024-1709CRITICALsob ataqueransomware19 fev 2024
Authentication bypass using an alternate path or channel
100RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.