Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
SPA-Cart eCommerce CMS GET Parameter search sql injection
38RISCO
abrir ↗Exploit-DB
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
Elementor < 3.5.5 - Iframe Injection
23RISCO
abrir ↗Exploit-DB
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information
23RISCO
abrir ↗Exploit-DB
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12
50RISCO
abrir ↗Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
SPA-Cart eCommerce CMS search cross site scripting
55RISCO
abrir ↗Exploit-DB
Credit Lite 1.5.4 - SQL Injection
Codecanyon Credit Lite POST Request account_statement sql injection
33RISCO
abrir ↗Exploit-DB
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id
85RISCO
abrir ↗Exploit-DB
AdminLTE PiHole 5.18 - Broken Access Control
Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
45RISCO
abrir ↗Exploit-DB
FileMage Gateway 1.10.9 - Local File Inclusion
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RISCO
abrir ↗Exploit-DB
Hyip Rio 2.1 - Arbitrary File Upload
tdevs Hyip Rio Profile Settings settings cross site scripting
28RISCO
abrir ↗Exploit-DB
Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disrup
78RISCO
abrir ↗Exploit-DB
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticat
23RISCO
abrir ↗Exploit-DB
TP-Link Archer AX21 - Unauthenticated Command Injection
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability i
100RISCO
abrir ↗Exploit-DB
mooSocial 3.1.8 - Reflected XSS
mooSocial mooStore index cross site scripting
43RISCO
abrir ↗Exploit-DB
Emagic Data Center Management Suite v6.0 - OS Command Injection
OS Command Injection Vulnerability in Emagic Data Center Management Suite
46RISCO
abrir ↗Exploit-DB
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template in
35RISCO
abrir ↗Exploit-DB
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
Templatecookie Adlisting Redirect ad-list information disclosure
60RISCO
abrir ↗Exploit-DB
Social-Commerce 3.1.6 - Reflected XSS
mooSocial mooStore cross site scripting
43RISCO
abrir ↗Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
38RISCO
abrir ↗Exploit-DB
Shelly PRO 4PM v0.11.0 - Authentication Bypass
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition t
23RISCO
abrir ↗Exploit-DB
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
56RISCO
abrir ↗Exploit-DB
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
PHP Jabbers Rental Property Booking index.php cross site scripting
33RISCO
abrir ↗Exploit-DB
PHPJabbers Night Club Booking 1.0 - Reflected XSS
PHP Jabbers Night Club Booking Software index.php cross site scripting
48RISCO
abrir ↗Exploit-DB
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
PHP Jabbers Shuttle Booking Software index.php cross site scripting
48RISCO
abrir ↗Exploit-DB
PHPJabbers Taxi Booking 2.0 - Reflected XSS
PHP Jabbers Taxi Booking index.php cross site scripting
48RISCO
abrir ↗Exploit-DB
PHPJabbers Cleaning Business 1.0 - Reflected XSS
PHP Jabbers Cleaning Business index.php cross site scripting
48RISCO
abrir ↗Exploit-DB
PHPJabbers Service Booking Script 1.0 - Reflected XSS
PHP Jabbers Service Booking Script index.php cross site scripting
48RISCO
abrir ↗Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
EventON < 2.1.2 - Unauthenticated Event Access
50RISCO
abrir ↗Exploit-DB
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafte
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.