Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISCO
abrir ↗Referência
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISCO
abrir ↗Referência
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISCO
abrir ↗Referência
XOOPS Module horoscope 2.0 - Remote File Inclusion
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to e
45RISCO
abrir ↗Referência
CVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct
85RISCO
abrir ↗Referência
aiohttp 3.9.1 - directory traversal PoC
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
70RISCO
abrir ↗Referência
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RISCO
abrir ↗Referência
CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot
70RISCO
abrir ↗Referência
CVE-2017-9101
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RISCO
abrir ↗Referência
CVE-2017-9101
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RISCO
abrir ↗Referência
TikiWiki 1.9.8 - Remote PHP Injection
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f ar
60RISCO
abrir ↗Referência
CVE-2018-8065
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISCO
abrir ↗Referência
CVE-2019-15978
Cisco Data Center Network Manager Command Injection Vulnerabilities
53RISCO
abrir ↗Referência
CVE-2018-9160
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
60RISCO
abrir ↗Referência
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
60RISCO
abrir ↗Referência
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
60RISCO
abrir ↗Referência
CVE-2018-12710
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (whi
45RISCO
abrir ↗Referência
CVE-2010-2156
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit)
60RISCO
abrir ↗Referência
CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISCO
abrir ↗Referência
CVE-2014-3791
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code
60RISCO
abrir ↗Referência
CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE
85RISCO
abrir ↗Referência
CVE-2013-5486
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager
60RISCO
abrir ↗Referência
CVE-2019-1003030
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
100RISCO
abrir ↗Referência
CVE-2023-32243
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
85RISCO
abrir ↗Referência
Microsoft Internet Explorer 6/7 - XML Core Services Remote Code Execution (1)
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML
60RISCO
abrir ↗Referência
CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISCO
abrir ↗Referência
CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISCO
abrir ↗Referência
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RISCO
abrir ↗Referência
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RISCO
abrir ↗Referência
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.