Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.053exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
SQLite 3.50.1 - Heap Overflow
CVE-2025-6965HIGH08 abr 2026
Integer Truncation on SQLite
63RISCO
abrir
Exploit-DB
Fortinet FortiWeb v8.0.1 - Auth Bypass
CVE-2025-64446CRITICALsob ataque06 abr 2026
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir
Exploit-DB
ASP.net 8.0.10 - Bypass
CVE-2025-55315CRITICAL06 abr 2026
ASP.NET Security Feature Bypass Vulnerability
60RISCO
abrir
Exploit-DB
Windows Kernel - Elevation of Privilege
CVE-2025-62215HIGHsob ataque06 abr 2026
Windows Kernel Elevation of Privilege Vulnerability
71RISCO
abrir
Exploit-DB
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
CVE-2025-59254HIGH06 abr 2026
Microsoft DWM Core Library Elevation of Privilege Vulnerability
41RISCO
abrir
Exploit-DB
mailcow 2025-01a - Host Header Password Reset Poisoning
CVE-2025-25198HIGH03 mar 2026
mailcow: dockerized vulnerable to password reset poisoning
41RISCO
abrir
Exploit-DB
WordPress Backup Migration 1.3.7 - Remote Command Execution
CVE-2023-6553CRITICAL03 mar 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir
Exploit-DB
Boss Mini v1.4.0 - Local File Inclusion (LFI)
CVE-2023-3643HIGH03 mar 2026
Boss Mini document file inclusion
78RISCO
abrir
Exploit-DB
motionEye 0.43.1b4 - RCE
CVE-2025-60787HIGH11 fev 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISCO
abrir
Exploit-DB
OctoPrint 1.11.2 - File Upload
CVE-2025-58180HIGH04 fev 2026
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
46RISCO
abrir
Exploit-DB
Docker Desktop 4.44.3 - Unauthenticated API Exposure
CVE-2025-9074CRITICAL04 fev 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
Exploit-DB
Siklu EtherHaul Series EH-8010 - Remote Command Execution
CVE-2025-57174CRITICAL17 jan 2026
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and p
48RISCO
abrir
Exploit-DB
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558HIGH25 dez 2025
Remote code execution via ND6 Router Advertisements
56RISCO
abrir
Exploit-DB
esm-dev 136 - Path Traversal
CVE-2025-59342MEDIUM16 dez 2025
esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
48RISCO
abrir
Exploit-DB
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-1173608 dez 2025
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute a
23RISCO
abrir
Exploit-DB
phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
CVE-2017-1573503 dez 2025
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
23RISCO
abrir
Exploit-DB
PluckCMS 4.7.10 - Unrestricted File Upload
CVE-2020-20969HIGH03 dez 2025
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_resto
41RISCO
abrir
Exploit-DB
Django 5.1.13 - SQL Injection
CVE-2025-64459CRITICAL03 dez 2025
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RISCO
abrir
Exploit-DB
OpenRepeater 2.1 - OS Command Injection
CVE-2019-2502403 dez 2025
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_sy
28RISCO
abrir
Exploit-DB
phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
CVE-2017-1580803 dez 2025
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
23RISCO
abrir
Exploit-DB
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
CVE-2020-1571803 dez 2025
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc
38RISCO
abrir
Exploit-DB
phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
CVE-2017-1573403 dez 2025
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
23RISCO
abrir
Exploit-DB
MaNGOSWebV4 4.0.6 - Reflected XSS
CVE-2017-647803 dez 2025
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
38RISCO
abrir
Exploit-DB
RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
CVE-2020-1571603 dez 2025
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php scrip
23RISCO
abrir
Exploit-DB
MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
CVE-2018-25080LOW03 dez 2025
MobileDetect Example session_example.php initLayoutType cross site scripting
28RISCO
abrir
Exploit-DB
openSIS Community Edition 8.0 - SQL Injection
CVE-2021-4061703 dez 2025
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
23RISCO
abrir
Exploit-DB
phpMyAdmin 5.0.0 - SQL Injection
CVE-2020-550403 dez 2025
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could
35RISCO
abrir
Exploit-DB
phpIPAM 1.4 - SQL-Injection
CVE-2019-1669303 dez 2025
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
23RISCO
abrir
Exploit-DB
Piwigo 13.6.0 - SQL Injection
CVE-2023-33362CRITICAL02 dez 2025
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
48RISCO
abrir
Exploit-DB
phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
CVE-2024-41358MEDIUM02 dez 2025
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
33RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.