Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
Bio Star 2.8.2 - Local File Inclusion
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary fi
50RISCO
abrir ↗Exploit-DB
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RISCO
abrir ↗Exploit-DB
Bludit 3.9.2 - Directory Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir ↗Exploit-DB
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities
23RISCO
abrir ↗Exploit-DB
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir ↗Exploit-DB
pfSense 2.4.4-p3 - Cross-Site Request Forgery
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executi
35RISCO
abrir ↗Exploit-DB
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe we
28RISCO
abrir ↗Exploit-DB
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection
The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.
23RISCO
abrir ↗Exploit-DB
Docsify.js 4.11.4 - Reflective Cross-Site Scripting
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters a
23RISCO
abrir ↗Exploit-DB
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
23RISCO
abrir ↗Exploit-DB
CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
23RISCO
abrir ↗Exploit-DB
Zyxel Armor X1 WAP6806 - Directory Traversal
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
23RISCO
abrir ↗Exploit-DB
SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to
23RISCO
abrir ↗Exploit-DB
BSA Radar 1.6.7234.24750 - Local File Inclusion
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and e
23RISCO
abrir ↗Exploit-DB
Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitr
60RISCO
abrir ↗Exploit-DB
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon succ
35RISCO
abrir ↗Exploit-DB
CompleteFTP Professional 12.1.3 - Remote Code Execution
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file.
23RISCO
abrir ↗Exploit-DB
BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can all
23RISCO
abrir ↗Exploit-DB
SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to
23RISCO
abrir ↗Exploit-DB
Exhibitor Web UI 1.7.1 - Remote Code Execution
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7
60RISCO
abrir ↗Exploit-DB
RSA IG&L Aveksa 7.1.1 - Remote Code Execution
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 cont
33RISCO
abrir ↗Exploit-DB
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir ↗Exploit-DB
Grafana 7.0.1 - Denial of Service (PoC)
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows
60RISCO
abrir ↗Exploit-DB
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir ↗Exploit-DB
OCS Inventory NG 2.7 - Remote Code Execution
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php bec
28RISCO
abrir ↗Exploit-DB
mySCADA myPRO 7 - Hardcoded Credentials
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attack
28RISCO
abrir ↗Exploit-DB
Lansweeper 7.2 - Incorrect Access Control
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin accoun
28RISCO
abrir ↗Exploit-DB
WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
23RISCO
abrir ↗Exploit-DB
FileRun 2019.05.21 - Reflected Cross-Site Scripting
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed
23RISCO
abrir ↗Exploit-DB
WebPort 1.19.1 - Reflected Cross-Site Scripting
Web Port 1.19.1 allows XSS via the /log type parameter.
38RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.