Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3846LOW28 jul 2023
mooSocial mooDating URL pages cross site scripting
43RISCO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3848LOW28 jul 2023
mooSocial mooDating URL view cross site scripting
43RISCO
abrir
Exploit-DB
RosarioSIS 10.8.4 - CSV Injection
CVE-2023-29918MEDIUM28 jul 2023
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
33RISCO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3847LOW28 jul 2023
mooSocial mooDating URL users cross site scripting
43RISCO
abrir
Exploit-DB
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
CVE-2023-38501MEDIUM28 jul 2023
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RISCO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3849LOW28 jul 2023
mooSocial mooDating URL find-a-match cross site scripting
43RISCO
abrir
Exploit-DB
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
CVE-2023-263628 jul 2023
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
23RISCO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3844LOW28 jul 2023
mooSocial mooDating URL friends cross site scripting
43RISCO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3845LOW28 jul 2023
mooSocial mooDating URL ajax_invite cross site scripting
43RISCO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3843LOW28 jul 2023
mooSocial mooDating URL question cross site scripting
43RISCO
abrir
Exploit-DB
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
CVE-2023-33148HIGH20 jul 2023
Microsoft Office Elevation of Privilege Vulnerability
41RISCO
abrir
Exploit-DB
pfSense v2.7.0 - OS Command Injection
CVE-2023-2725320 jul 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RISCO
abrir
Exploit-DB
RWS WorldServer 11.7.3 - Session Token Enumeration
CVE-2023-3835720 jul 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized a
23RISCO
abrir
Exploit-DB
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
CVE-2022-28171HIGH19 jul 2023
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to t
53RISCO
abrir
Exploit-DB
ABB FlowX v4.00 - Exposure of Sensitive Information
CVE-2023-1258MEDIUM19 jul 2023
Flow-X disclosure of sensitive information to unauthenticated users
33RISCO
abrir
Exploit-DB
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
CVE-2023-3762919 jul 2023
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by send
43RISCO
abrir
Exploit-DB
Icinga Web 2.10 - Authenticated Remote Code Execution
CVE-2022-24715HIGH15 jul 2023
Arbitrary code execution for authenticated users in Icinga Web 2
46RISCO
abrir
Exploit-DB
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
CVE-2019-1937CRITICAL15 jul 2023
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RISCO
abrir
Exploit-DB
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
CVE-2023-37269LOW15 jul 2023
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
28RISCO
abrir
Exploit-DB
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
CVE-2023-3616311 jul 2023
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code
23RISCO
abrir
Exploit-DB
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
CVE-2022-22963CRITICALsob ataque11 jul 2023
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RISCO
abrir
Exploit-DB
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
CVE-2022-21907CRITICAL07 jul 2023
HTTP Protocol Stack Remote Code Execution Vulnerability
70RISCO
abrir
Exploit-DB
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
CVE-2023-33131HIGH07 jul 2023
Microsoft Outlook Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
Lost and Found Information System v1.0 - SQL Injection
CVE-2023-3359206 jul 2023
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lf
23RISCO
abrir
Exploit-DB
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
CVE-2023-33145MEDIUM06 jul 2023
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
33RISCO
abrir
Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
CVE-2023-3634803 jul 2023
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RISCO
abrir
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
CVE-2023-33137HIGH03 jul 2023
Microsoft Excel Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
FuguHub 8.1 - Remote Code Execution
CVE-2023-24078HIGH03 jul 2023
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the c
53RISCO
abrir
Exploit-DB
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
CVE-2023-3634603 jul 2023
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RISCO
abrir
Exploit-DB
TP-Link TL-WR940N V4 - Buffer OverFlow
CVE-2023-3635503 jul 2023
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6Cfg
35RISCO
abrir
anteriorpágina 16 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.