Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2015-6128
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allo
60RISCO
abrir ↗Referência
CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted mes
100RISCO
abrir ↗Referência
CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted mes
100RISCO
abrir ↗Referência
CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted mes
100RISCO
abrir ↗Referência
CVE-2018-10660
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
60RISCO
abrir ↗Referência
CVE-2015-6922
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RISCO
abrir ↗Referência
CVE-2015-6922
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RISCO
abrir ↗Referência
CVE-2017-0038
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
45RISCO
abrir ↗Referência
CVE-2024-8957
PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
93RISCO
abrir ↗Referência
CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 befor
63RISCO
abrir ↗Referência
CVE-2014-8440
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on
60RISCO
abrir ↗Referência
CVE-2015-0336
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451
60RISCO
abrir ↗Referência
CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider t
60RISCO
abrir ↗Referência
CVE-2020-35578
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RISCO
abrir ↗Referência
CVE-2020-35578
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RISCO
abrir ↗Referência
CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful
93RISCO
abrir ↗Referência
CVE-2013-0803
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arb
60RISCO
abrir ↗Referência
CVE-2013-0803
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arb
60RISCO
abrir ↗Referência
CVE-2024-9464
Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure
70RISCO
abrir ↗Referência
CVE-2023-5360
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗Referência
CVE-2023-5360
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗Referência
CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to
60RISCO
abrir ↗Referência
CVE-2022-25148
WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id
85RISCO
abrir ↗Referência
CVE-2018-5955
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISCO
abrir ↗Referência
CVE-2013-4212
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute
60RISCO
abrir ↗Referência
CVE-2014-7862
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote at
60RISCO
abrir ↗Referência
CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: th
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.