Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.002exploits catalogados
31.582CVEs com exploração pública
TodosExploit-DB 22.467Referência 19.780GitHub PoC 13.048VulnCheck XDB 8.060Nuclei 4.185Metasploit 3.462recentespopularesrisco
19.780 exploits
Referência
CVE-2026-56111
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
41RISCO
abrir ↗Referência
CVE-2026-9710
Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure
41RISCO
abrir ↗Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISCO
abrir ↗Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISCO
abrir ↗Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISCO
abrir ↗Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISCO
abrir ↗Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RISCO
abrir ↗Referência
CVE-2020-14883
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir ↗Referência
CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which all
60RISCO
abrir ↗Referência
CVE-2020-17519
Apache Flink directory traversal attack: reading remote files through the REST API
100RISCO
abrir ↗Referência
CVE-2010-1653
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! a
43RISCO
abrir ↗Referência
CVE-2023-6553
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir ↗Referência
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISCO
abrir ↗Referência
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISCO
abrir ↗Referência
CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RISCO
abrir ↗Referência
CVE-2026-7738
puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
33RISCO
abrir ↗Referência
CVE-2018-15745
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RISCO
abrir ↗Referência
CVE-2018-15745
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RISCO
abrir ↗Referência
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISCO
abrir ↗Referência
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISCO
abrir ↗Referência
CVE-2016-7621
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchO
23RISCO
abrir ↗Referência
CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir ↗Referência
CVE-2026-7732
code-projects BloodBank Managing System request_blood.php unrestricted upload
33RISCO
abrir ↗Referência
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RISCO
abrir ↗Referência
CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.