Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.046exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
19.791 exploits
Referência
CVE-2023-0315
Command Injection in froxlor/froxlor
78RISCO
abrir
Referência
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
60RISCO
abrir
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir
Referência
CVE-2025-61884
CVE-2025-61884HIGHsob ataqueransomware
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions
100RISCO
abrir
Referência
CVE-2019-12255
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RISCO
abrir
Referência
CVE-2019-19781
CVE-2019-19781CRITICALsob ataqueransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir
Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISCO
abrir
Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISCO
abrir
Referência
CVE-2016-3714
CVE-2016-3714HIGHsob ataque
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir
Referência
CVE-2016-3714
CVE-2016-3714HIGHsob ataque
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir
Referência
CVE-2016-3714
CVE-2016-3714HIGHsob ataque
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir
Referência47
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled
CVE-2024-56145CRITICALsob ataque
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RISCO
abrir
Referência
CVE-2016-7288
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m
45RISCO
abrir
Referência
CVE-2024-10914
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RISCO
abrir
Referência
CVE-2016-8869
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RISCO
abrir
Referência
CVE-2019-9082
CVE-2019-9082HIGHsob ataque
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir
Referência
CVE-2019-9082
CVE-2019-9082HIGHsob ataque
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir
Referência
CVE-2023-27524
CVE-2023-27524HIGHsob ataque
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir
Referência
CVE-2023-27524
CVE-2023-27524HIGHsob ataque
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir
Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir
Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir
Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISCO
abrir
Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISCO
abrir
Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISCO
abrir
Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISCO
abrir
Referência
CVE-2020-14864
CVE-2020-14864HIGHsob ataque
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RISCO
abrir
Referência
CVE-2025-34028
CVE-2025-34028CRITICALsob ataque
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RISCO
abrir
Referência21
watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
CVE-2025-34028CRITICALsob ataque
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.