Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
CVE-2023-4548MEDIUM08 set 2023
SPA-Cart eCommerce CMS GET Parameter search sql injection
38RISCO
abrir
Exploit-DB
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
CVE-2022-495308 set 2023
Elementor < 3.5.5 - Iframe Injection
23RISCO
abrir
Exploit-DB
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
CVE-2023-3472308 set 2023
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information
23RISCO
abrir
Exploit-DB
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
CVE-2022-3147008 set 2023
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12
50RISCO
abrir
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
CVE-2023-4547LOW04 set 2023
SPA-Cart eCommerce CMS search cross site scripting
55RISCO
abrir
Exploit-DB
Credit Lite 1.5.4 - SQL Injection
CVE-2023-4407MEDIUM04 set 2023
Codecanyon Credit Lite POST Request account_statement sql injection
33RISCO
abrir
Exploit-DB
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
CVE-2022-25148CRITICAL04 set 2023
WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id
85RISCO
abrir
Exploit-DB
AdminLTE PiHole 5.18 - Broken Access Control
CVE-2022-23513MEDIUM04 set 2023
Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
45RISCO
abrir
Exploit-DB
FileMage Gateway 1.10.9 - Local File Inclusion
CVE-2023-3902604 set 2023
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RISCO
abrir
Exploit-DB
Hyip Rio 2.1 - Arbitrary File Upload
CVE-2023-4382LOW04 set 2023
tdevs Hyip Rio Profile Settings settings cross site scripting
28RISCO
abrir
Exploit-DB
Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
CVE-2023-32560HIGH04 set 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disrup
78RISCO
abrir
Exploit-DB
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
CVE-2023-3775921 ago 2023
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticat
23RISCO
abrir
Exploit-DB
TP-Link Archer AX21 - Unauthenticated Command Injection
CVE-2023-1389HIGHsob ataque10 ago 2023
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability i
100RISCO
abrir
Exploit-DB
mooSocial 3.1.8 - Reflected XSS
CVE-2023-4173LOW08 ago 2023
mooSocial mooStore index cross site scripting
43RISCO
abrir
Exploit-DB
Emagic Data Center Management Suite v6.0 - OS Command Injection
CVE-2023-37569HIGH08 ago 2023
OS Command Injection Vulnerability in Emagic Data Center Management Suite
46RISCO
abrir
Exploit-DB
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
CVE-2023-2968908 ago 2023
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template in
35RISCO
abrir
Exploit-DB
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
CVE-2023-4168MEDIUM08 ago 2023
Templatecookie Adlisting Redirect ad-list information disclosure
60RISCO
abrir
Exploit-DB
Social-Commerce 3.1.6 - Reflected XSS
CVE-2023-4174LOW08 ago 2023
mooSocial mooStore cross site scripting
43RISCO
abrir
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
CVE-2023-321904 ago 2023
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
38RISCO
abrir
Exploit-DB
Shelly PRO 4PM v0.11.0 - Authentication Bypass
CVE-2023-3338304 ago 2023
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition t
23RISCO
abrir
Exploit-DB
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
CVE-2023-37979HIGH04 ago 2023
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
56RISCO
abrir
Exploit-DB
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
CVE-2023-4117MEDIUM04 ago 2023
PHP Jabbers Rental Property Booking index.php cross site scripting
33RISCO
abrir
Exploit-DB
PHPJabbers Night Club Booking 1.0 - Reflected XSS
CVE-2023-4114MEDIUM04 ago 2023
PHP Jabbers Night Club Booking Software index.php cross site scripting
48RISCO
abrir
Exploit-DB
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
CVE-2023-4112MEDIUM04 ago 2023
PHP Jabbers Shuttle Booking Software index.php cross site scripting
48RISCO
abrir
Exploit-DB
PHPJabbers Taxi Booking 2.0 - Reflected XSS
CVE-2023-4116MEDIUM04 ago 2023
PHP Jabbers Taxi Booking index.php cross site scripting
48RISCO
abrir
Exploit-DB
PHPJabbers Cleaning Business 1.0 - Reflected XSS
CVE-2023-4115MEDIUM04 ago 2023
PHP Jabbers Cleaning Business index.php cross site scripting
48RISCO
abrir
Exploit-DB
PHPJabbers Service Booking Script 1.0 - Reflected XSS
CVE-2023-4113MEDIUM04 ago 2023
PHP Jabbers Service Booking Script index.php cross site scripting
48RISCO
abrir
Exploit-DB
Academy LMS 6.0 - Reflected XSS
CVE-2023-4119MEDIUM04 ago 2023
Academy LMS courses cross site scripting
33RISCO
abrir
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
CVE-2023-279604 ago 2023
EventON < 2.1.2 - Unauthenticated Event Access
50RISCO
abrir
Exploit-DB
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
CVE-2023-3914731 jul 2023
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafte
23RISCO
abrir
anteriorpágina 15 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.