Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Really Simple Security 9.1.1.1 - Authentication Bypass
CVE-2024-10924CRITICAL15 abr 2025
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RISCO
abrir
Exploit-DB
Pymatgen 2024.1 - Remote Code Execution (RCE)
CVE-2024-23346CRITICAL15 abr 2025
pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
48RISCO
abrir
Exploit-DB
Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
CVE-2024-52302HIGH15 abr 2025
common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
41RISCO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
CVE-2024-6516CRITICAL15 abr 2025
Cross Site Scripting XSS
48RISCO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
CVE-2024-6516CRITICAL15 abr 2025
Cross Site Scripting XSS
48RISCO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
CVE-2024-48839CRITICAL15 abr 2025
Remote Code Execution, RCE
48RISCO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
CVE-2024-48839CRITICAL15 abr 2025
Remote Code Execution, RCE
48RISCO
abrir
Exploit-DB
IBMi Navigator 7.5 - HTTP Security Token Bypass
CVE-2024-51464MEDIUM15 abr 2025
IBM i authentication bypass
33RISCO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
CVE-2024-51546HIGH15 abr 2025
Credentails Disclosure
41RISCO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
CVE-2024-6516CRITICAL15 abr 2025
Cross Site Scripting XSS
48RISCO
abrir
Exploit-DB
GestioIP 3.5.7 - Remote Command Execution (RCE)
CVE-2024-48760CRITICAL14 abr 2025
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RISCO
abrir
Exploit-DB
OpenPanel 0.3.4 - Incorrect Access Control
CVE-2024-53582HIGH14 abr 2025
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to exec
41RISCO
abrir
Exploit-DB
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
CVE-2024-53582HIGH14 abr 2025
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to exec
41RISCO
abrir
Exploit-DB
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
CVE-2019-1924514 abr 2025
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[use
23RISCO
abrir
Exploit-DB
OpenPanel 0.3.4 - OS Command Injection
CVE-2024-53584CRITICAL14 abr 2025
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.
48RISCO
abrir
Exploit-DB
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
CVE-2024-50858HIGH14 abr 2025
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actio
41RISCO
abrir
Exploit-DB
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
CVE-2024-50857MEDIUM14 abr 2025
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and en
48RISCO
abrir
Exploit-DB
OpenPanel 0.3.4 - Directory Traversal
CVE-2024-53537CRITICAL14 abr 2025
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager
48RISCO
abrir
Exploit-DB
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
CVE-2024-47605MEDIUM14 abr 2025
Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin
33RISCO
abrir
Exploit-DB
MiniCMS 1.1 - Cross Site Scripting (XSS)
CVE-2018-100063811 abr 2025
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={pa
23RISCO
abrir
Exploit-DB
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
CVE-2024-48852MEDIUM11 abr 2025
Information disclosures
33RISCO
abrir
Exploit-DB
GeoVision GV-ASManager 6.1.1.0 - CSRF
CVE-2024-56901HIGH11 abr 2025
A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less tha
41RISCO
abrir
Exploit-DB
NEWS-BUZZ News Management System 1.0 - SQL Injection
CVE-2024-10758MEDIUM11 abr 2025
code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection
33RISCO
abrir
Exploit-DB
flatCore 1.5 - Cross Site Request Forgery (CSRF)
CVE-2019-1396111 abr 2025
A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.
23RISCO
abrir
Exploit-DB
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
CVE-2024-56898HIGH11 abr 2025
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low p
41RISCO
abrir
Exploit-DB
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
CVE-2024-48841CRITICAL11 abr 2025
Remote Code Execution (RCE) Vulnerabilities
48RISCO
abrir
Exploit-DB
MagnusSolution magnusbilling 7.3.0 - Command Injection
CVE-2023-30258CRITICAL11 abr 2025
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISCO
abrir
Exploit-DB
CyberPanel 2.3.6 - Remote Code Execution (RCE)
CVE-2024-51378CRITICALsob ataqueransomware11 abr 2025
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
100RISCO
abrir
Exploit-DB
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
CVE-2024-48841CRITICAL11 abr 2025
Remote Code Execution (RCE) Vulnerabilities
48RISCO
abrir
Exploit-DB
phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
CVE-2023-24657MEDIUM11 abr 2025
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter
48RISCO
abrir
anteriorpágina 10 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.