Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the comp
41RISCO
abrir ↗Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS comman
53RISCO
abrir ↗Exploit-DB
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's securit
23RISCO
abrir ↗Exploit-DB
Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
41RISCO
abrir ↗Exploit-DB
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir ↗Exploit-DB
Optoma 1080PSTX Firmware C02 - Authentication Bypass
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid cr
60RISCO
abrir ↗Exploit-DB
Apache Superset 2.0.0 - Authentication Bypass
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir ↗Exploit-DB
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL
48RISCO
abrir ↗Exploit-DB
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive informat
48RISCO
abrir ↗Exploit-DB
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allo
48RISCO
abrir ↗Exploit-DB
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to d
41RISCO
abrir ↗Exploit-DB
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
33RISCO
abrir ↗Exploit-DB
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitr
33RISCO
abrir ↗Exploit-DB
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file paramete
41RISCO
abrir ↗Exploit-DB
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_pro
41RISCO
abrir ↗Exploit-DB
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to exe
33RISCO
abrir ↗Exploit-DB
FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
TEM FLEX-1085 reboot denial of service
41RISCO
abrir ↗Exploit-DB
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to ex
46RISCO
abrir ↗Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code v
48RISCO
abrir ↗Exploit-DB
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of dat
38RISCO
abrir ↗Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authentica
60RISCO
abrir ↗Exploit-DB
Jedox 2022.4.2 - Code Execution via RPC Interfaces
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load a
41RISCO
abrir ↗Exploit-DB
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users wi
33RISCO
abrir ↗Exploit-DB
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
SourceCodester Online Pizza Ordering System unrestricted upload
33RISCO
abrir ↗Exploit-DB
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web
48RISCO
abrir ↗Exploit-DB
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalat
41RISCO
abrir ↗Exploit-DB
FS-S3900-24T4S - Privilege Escalation
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin
41RISCO
abrir ↗Exploit-DB
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10
100RISCO
abrir ↗Exploit-DB
PaperCut NG/MG 22.0.4 - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir ↗Exploit-DB
KodExplorer 4.49 - CSRF to Arbitrary File Upload
kalcaddle KodExplorer cross-site request forgery
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.