Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
Ollama Model Registry Path Traversal RCE
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISCO
abrir ↗Metasploit600
Flowmon Unauthenticated Command Injection
Flowmon Unauthenticated Command Injection Vulnerability
85RISCO
abrir ↗Metasploit600
Apache HugeGraph Gremlin RCE
Apache HugeGraph-Server: Command execution in gremlin
100RISCO
abrir ↗Metasploit600
FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS versio
100RISCO
abrir ↗Metasploit600
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir ↗Metasploit300
Netdata ndsudo privilege escalation
ndsudo: local privilege escalation via untrusted search path
36RISCO
abrir ↗Metasploit600
Chaos RAT XSS to RCE
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via th
28RISCO
abrir ↗Metasploit600
AVideo WWBNIndex Plugin Unauthenticated RCE
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath
68RISCO
abrir ↗Metasploit600
pgAdmin Binary Path API RCE
Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
48RISCO
abrir ↗Metasploit600
Kemp LoadMaster Local sudo privilege escalation
LoadMaster Pre-Authenticated OS Command Injection
100RISCO
abrir ↗Metasploit600
Kemp LoadMaster Unauthenticated Command Injection
LoadMaster Pre-Authenticated OS Command Injection
100RISCO
abrir ↗Metasploit600
Progress Flowmon Local sudo privilege escalation
Flowmon Unauthenticated Command Injection Vulnerability
85RISCO
abrir ↗Metasploit600
Gibbon School Platform Authenticated PHP Deserialization Vulnerability
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POS
48RISCO
abrir ↗Metasploit600
RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.
RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload
43RISCO
abrir ↗Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
48RISCO
abrir ↗Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
Authentication Bypass in OpenMetadata
85RISCO
abrir ↗Metasploit600
Ghostscript Command Execution via Format String
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with
33RISCO
abrir ↗Metasploit600
WordPress wp-automatic Plugin SQLi Admin Creation
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
85RISCO
abrir ↗Metasploit300
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir ↗Metasploit600
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code
58RISCO
abrir ↗Metasploit600
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
85RISCO
abrir ↗Metasploit600
JetBrains TeamCity Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗Metasploit600
Judge0 sandbox escape
Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
43RISCO
abrir ↗Metasploit600
Judge0 sandbox escape
Judge0 vulnerable to Sandbox Escape via Symbolic Link
43RISCO
abrir ↗Metasploit600
pgAdmin Session Deserialization RCE
Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4
65RISCO
abrir ↗Metasploit600
Apache Solr Backup/Restore APIs RCE
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
58RISCO
abrir ↗Metasploit600
Unauthenticated RCE in Bricks Builder Theme
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISCO
abrir ↗Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RISCO
abrir ↗Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Authentication bypass using an alternate path or channel
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.