Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
Microsoft Office Remote Code Execution Vulnerability
41RISCO
abrir ↗Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RISCO
abrir ↗Exploit-DB
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download
41RISCO
abrir ↗Exploit-DB
Azure Apache Ambari 2302250400 - Spoofing
Azure Apache Ambari Spoofing Vulnerability
33RISCO
abrir ↗Exploit-DB
Windows 11 22h2 - Kernel Privilege Elevation
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir ↗Exploit-DB
Microsoft SharePoint Enterprise Server 2016 - Spoofing
Microsoft SharePoint Server Spoofing Vulnerability
41RISCO
abrir ↗Exploit-DB
NCH Express Invoice - Clear Text Password Storage and Account Takeover
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
23RISCO
abrir ↗Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the
68RISCO
abrir ↗Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via Display
41RISCO
abrir ↗Exploit-DB
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,
33RISCO
abrir ↗Exploit-DB
Super Socializer 7.13.52 - Reflected XSS
Super Socializer < 7.13.52 - Reflected XSS
48RISCO
abrir ↗Exploit-DB
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RISCO
abrir ↗Exploit-DB
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
33RISCO
abrir ↗Exploit-DB
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
Password reset links invalidation issue in WordPress
38RISCO
abrir ↗Exploit-DB
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Code Injection in pyload/pyload
85RISCO
abrir ↗Exploit-DB
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
SourceCodester Sales Tracker Management System cross site scripting
28RISCO
abrir ↗Exploit-DB
Teachers Record Management System 1.0 - File Upload Type Validation
PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload
33RISCO
abrir ↗Exploit-DB
WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISCO
abrir ↗Exploit-DB
Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
56RISCO
abrir ↗Exploit-DB
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the
41RISCO
abrir ↗Exploit-DB
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
50RISCO
abrir ↗Exploit-DB
Online Security Guards Hiring System 1.0 - Reflected XSS
PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting
43RISCO
abrir ↗Exploit-DB
Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISCO
abrir ↗Exploit-DB
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type in unilogies/bumsys
41RISCO
abrir ↗Exploit-DB
Pydio Cells 4.1.2 - Server-Side Request Forgery
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which
33RISCO
abrir ↗Exploit-DB
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are genera
33RISCO
abrir ↗Exploit-DB
Faculty Evaluation System 1.0 - Unauthenticated File Upload
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_u
61RISCO
abrir ↗Exploit-DB
Pydio Cells 4.1.2 - Unauthorised Role Assignments
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISCO
abrir ↗Exploit-DB
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats para
60RISCO
abrir ↗Exploit-DB
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.