Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
19.791 exploits
Referência
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
60RISCO
abrir
Referência
CVE-2010-0249
CVE-2010-0249HIGHsob ataque
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and S
100RISCO
abrir
Referência
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
28RISCO
abrir
Referência
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISCO
abrir
Referência
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISCO
abrir
Referência
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISCO
abrir
Referência
CVE-2020-8657
CVE-2020-8657CRITICALsob ataque
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISCO
abrir
Referência
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client coul
85RISCO
abrir
Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISCO
abrir
Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISCO
abrir
Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISCO
abrir
Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISCO
abrir
Referência
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery
60RISCO
abrir
Referência
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery
60RISCO
abrir
Referência
CVE-2024-11680
CVE-2024-11680CRITICALsob ataque
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir
Referência
CVE-2024-11680
CVE-2024-11680CRITICALsob ataque
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir
Referência
CVE-2024-11680
CVE-2024-11680CRITICALsob ataque
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir
Referência
CVE-2022-26352
CVE-2022-26352CRITICALsob ataqueransomware
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form req
100RISCO
abrir
Referência
CVE-2017-16806
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory
60RISCO
abrir
Referência
CVE-2018-16509
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handlin
60RISCO
abrir
Referência
CVE-2018-3810
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unau
60RISCO
abrir
Referência
CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authen
60RISCO
abrir
Referência
CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authen
60RISCO
abrir
Referência
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RISCO
abrir
Referência
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
28RISCO
abrir
Referência
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include pa
60RISCO
abrir
Referência
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include pa
60RISCO
abrir
Referência
CVE-2017-3066
CVE-2017-3066CRITICALsob ataque
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier hav
100RISCO
abrir
Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmwa
45RISCO
abrir
Referência
CVE-2016-6600
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remot
60RISCO
abrir
anteriorpágina 13 / 660próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.