Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 abr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RISCO
abrir
Exploit-DB
Roxy WI v6.1.0.0 - Improper Authentication Control
CVE-2022-31125CRITICAL03 abr 2023
Authentication Bypass in Roxy-wi
53RISCO
abrir
Exploit-DB
sleuthkit 4.11.1 - Command Injection
CVE-2022-45639HIGH03 abr 2023
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RISCO
abrir
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 abr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RISCO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
CVE-2023-2316103 abr 2023
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RISCO
abrir
Exploit-DB
Enlightenment v0.25.3 - Privilege escalation
CVE-2022-37706HIGH01 abr 2023
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RISCO
abrir
Exploit-DB
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
CVE-2022-4819701 abr 2023
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, Tree
38RISCO
abrir
Exploit-DB
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
CVE-2022-30519MEDIUM01 abr 2023
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary c
33RISCO
abrir
Exploit-DB
Apache 2.4.x - Buffer Overflow
CVE-2021-4479001 abr 2023
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
45RISCO
abrir
Exploit-DB
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-44149HIGH01 abr 2023
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RISCO
abrir
Exploit-DB
perfSONAR v4.4.5 - Partial Blind CSRF
CVE-2022-41413MEDIUM01 abr 2023
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attack
33RISCO
abrir
Exploit-DB
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-44877CRITICALsob ataque01 abr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISCO
abrir
Exploit-DB
TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
CVE-2022-48194HIGH01 abr 2023
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a De
53RISCO
abrir
Exploit-DB
AD Manager Plus 7122 - Remote Code Execution (RCE)
CVE-2021-44228CRITICALsob ataqueransomware01 abr 2023
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Exploit-DB
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-2884CRITICAL01 abr 2023
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3
70RISCO
abrir
Exploit-DB
Cacti v1.2.22 - Remote Command Execution (RCE)
CVE-2022-46169CRITICALsob ataque31 mar 2023
Unauthenticated Command Injection
100RISCO
abrir
Exploit-DB
qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
CVE-2022-46770HIGH31 mar 2023
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RISCO
abrir
Exploit-DB
EQ Enterprise management system v2.2.0 - SQL Injection
CVE-2022-45297CRITICAL31 mar 2023
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
48RISCO
abrir
Exploit-DB
rconfig 3.9.7 - Sql Injection (Authenticated)
CVE-2022-45030HIGH31 mar 2023
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may
41RISCO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24629CRITICAL30 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achie
60RISCO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463030 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh
28RISCO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463230 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during f
28RISCO
abrir
Exploit-DB
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
CVE-2022-40319HIGH30 mar 2023
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a
41RISCO
abrir
Exploit-DB
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
CVE-2022-2841LOW30 mar 2023
CrowdStrike Falcon Uninstallation authorization
28RISCO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24627CRITICAL30 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injec
68RISCO
abrir
Exploit-DB
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
CVE-2022-39195MEDIUM30 mar 2023
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary
48RISCO
abrir
Exploit-DB
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-1565HIGH29 mar 2023
Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload
46RISCO
abrir
Exploit-DB
OPSWAT Metadefender Core - Privilege Escalation
CVE-2022-3227228 mar 2023
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RISCO
abrir
Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
CVE-2022-41441MEDIUM28 mar 2023
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RISCO
abrir
Exploit-DB
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
CVE-2022-38580CRITICAL28 mar 2023
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
53RISCO
abrir
anteriorpágina 22 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.