Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
CVE-2021-2456312 jan 2022
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
28RISCO
abrir
Exploit-DB
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-4491610 jan 2022
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad
23RISCO
abrir
Exploit-DB
CoreFTP Server build 725 - Directory Traversal (Authenticated)
CVE-2022-2283610 jan 2022
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP
23RISCO
abrir
Exploit-DB
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
CVE-2009-018210 jan 2022
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in
50RISCO
abrir
Exploit-DB
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
CVE-2021-2475005 jan 2022
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
50RISCO
abrir
Exploit-DB
ConnectWise Control 19.2.24707 - Username Enumeration
CVE-2019-1651605 jan 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumer
28RISCO
abrir
Exploit-DB
Automox Agent 32 - Local Privilege Escalation
CVE-2021-4332605 jan 2022
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
23RISCO
abrir
Exploit-DB
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
CVE-2021-4542505 jan 2022
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScrip
23RISCO
abrir
Exploit-DB
Nettmp NNT 5.1 - SQLi Authentication Bypass
CVE-2021-4581405 jan 2022
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel
23RISCO
abrir
Exploit-DB
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-43857CRITICAL05 jan 2022
Gerapy may contain remote code execution vulnerability
60RISCO
abrir
Exploit-DB
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
CVE-2021-39312HIGH05 jan 2022
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RISCO
abrir
Exploit-DB
WBCE CMS 1.5.1 - Admin Password Reset
CVE-2021-3817CRITICAL20 dez 2021
SQL Injection in wbce/wbce_cms
60RISCO
abrir
Exploit-DB
Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration
CVE-2021-4484816 dez 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication reques
43RISCO
abrir
Exploit-DB
Apache Log4j 2 - Remote Code Execution (RCE)
CVE-2021-44228CRITICALsob ataqueransomware14 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Exploit-DB
Apache Log4j2 2.14.1 - Information Disclosure
CVE-2021-44228CRITICALsob ataqueransomware14 dez 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
Exploit-DB
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
CVE-2019-958114 dez 2021
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitra
28RISCO
abrir
Exploit-DB
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
CVE-2021-4504313 dez 2021
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_L
50RISCO
abrir
Exploit-DB
WebHMI 4.0 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-43936CRITICAL13 dez 2021
Distributed Data Systems WebHM
60RISCO
abrir
Exploit-DB
Student Management System 1.0 - SQLi Authentication Bypass
CVE-2020-2393509 dez 2021
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (
28RISCO
abrir
Exploit-DB
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
CVE-2021-43798HIGHsob ataque09 dez 2021
Grafana path traversal
100RISCO
abrir
Exploit-DB
Raspberry Pi 5.10 - Default Credentials
CVE-2021-3875909 dez 2021
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain a
28RISCO
abrir
Exploit-DB
Auerswald COMpact 8.0B - Multiple Backdoors
CVE-2021-4085906 dez 2021
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web
60RISCO
abrir
Exploit-DB
Croogo 3.0.2 - Remote Code Execution (Authenticated)
CVE-2021-4467306 dez 2021
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malic
23RISCO
abrir
Exploit-DB
WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
CVE-2021-39316HIGH03 dez 2021
ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Dislosure
68RISCO
abrir
Exploit-DB
Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting
CVE-2021-4057701 dez 2021
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP an
23RISCO
abrir
Exploit-DB
Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)
CVE-2019-13272HIGHsob ataque23 nov 2021
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISCO
abrir
Exploit-DB
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
CVE-2021-4284017 nov 2021
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumsta
50RISCO
abrir
Exploit-DB
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
CVE-2021-3532317 nov 2021
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
38RISCO
abrir
Exploit-DB
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-22205CRITICALsob ataqueransomware17 nov 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISCO
abrir
Exploit-DB
Online Learning System 2.0 - Remote Code Execution (RCE)
CVE-2021-4258016 nov 2021
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/adm
23RISCO
abrir
anteriorpágina 29 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.