Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
23RISCO
abrir ↗Exploit-DB
Touchbase.io 1.10 - Stored Cross Site Scripting
HTML Injection in touchbase.ai
41RISCO
abrir ↗Exploit-DB
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a r
43RISCO
abrir ↗Exploit-DB
Joplin 1.2.6 - 'link' Cross Site Scripting
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
23RISCO
abrir ↗Exploit-DB
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RISCO
abrir ↗Exploit-DB
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally
23RISCO
abrir ↗Exploit-DB
Amarok 2.8.0 - Denial-of-Service
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will tri
23RISCO
abrir ↗Exploit-DB
TP-Link WDR4300 - Remote Code Execution (Authenticated)
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated
35RISCO
abrir ↗Exploit-DB
DedeCMS v.5.8 - _keyword_ Cross-Site Scripting
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to
23RISCO
abrir ↗Exploit-DB
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir ↗Exploit-DB
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RISCO
abrir ↗Exploit-DB
Blueman < 2.1.4 - Local Privilege Escalation
Local privilege escalation Blueman
41RISCO
abrir ↗Exploit-DB
Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated)
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arb
35RISCO
abrir ↗Exploit-DB
CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
23RISCO
abrir ↗Exploit-DB
Bludit 3.9.2 - Auth Bruteforce Bypass
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many
40RISCO
abrir ↗Exploit-DB
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a
35RISCO
abrir ↗Exploit-DB
HiSilicon Video Encoders - RCE via unauthenticated command injection
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpo
35RISCO
abrir ↗Exploit-DB
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
100RISCO
abrir ↗Exploit-DB
HiSilicon Video Encoders - Full admin access via backdoor password
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use har
28RISCO
abrir ↗Exploit-DB
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthentic
28RISCO
abrir ↗Exploit-DB
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpo
35RISCO
abrir ↗Exploit-DB
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, o
23RISCO
abrir ↗Exploit-DB
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archi
28RISCO
abrir ↗Exploit-DB
Seat Reservation System 1.0 - Unauthenticated SQL Injection
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input v
28RISCO
abrir ↗Exploit-DB
Cisco ASA and FTD 9.6.4.42 - Path Traversal
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISCO
abrir ↗Exploit-DB
Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, lea
23RISCO
abrir ↗Exploit-DB
D-Link DSR-250N 3.12 - Denial of Service (PoC)
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed
28RISCO
abrir ↗Exploit-DB
SpamTitan 7.07 - Unauthenticated Remote Code Execution
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RISCO
abrir ↗Exploit-DB
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
23RISCO
abrir ↗Exploit-DB
Mida eFramework 2.8.9 - Remote Code Execution
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE)
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.