Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.046exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.079VulnCheck XDB 8.060Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
60RISCO
abrir ↗Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir ↗Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir ↗Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir ↗Referência
CVE-2025-61884
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions
100RISCO
abrir ↗Referência
CVE-2019-12255
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RISCO
abrir ↗Referência
CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir ↗Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISCO
abrir ↗Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISCO
abrir ↗Referência
CVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir ↗Referência
CVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir ↗Referência
CVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir ↗Referência★ 47
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RISCO
abrir ↗Referência
CVE-2016-7288
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m
45RISCO
abrir ↗Referência
CVE-2024-10914
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RISCO
abrir ↗Referência
CVE-2016-8869
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RISCO
abrir ↗Referência
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir ↗Referência
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir ↗Referência
CVE-2023-27524
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir ↗Referência
CVE-2023-27524
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir ↗Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir ↗Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir ↗Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISCO
abrir ↗Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISCO
abrir ↗Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISCO
abrir ↗Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RISCO
abrir ↗Referência
CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RISCO
abrir ↗Referência
CVE-2025-34028
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RISCO
abrir ↗Referência★ 21
watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.