Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
Gila CMS 1.11.8 - 'query' SQL Injection
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
28RISCO
abrir ↗Exploit-DB
SOS JobScheduler 1.13.3 - Stored Password Decryption
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 an
23RISCO
abrir ↗Exploit-DB
Sysax MultiServer 6.90 - Reflected Cross Site Scripting
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
23RISCO
abrir ↗Exploit-DB
WinGate 9.4.1.5998 - Insecure Folder Permissions
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges
23RISCO
abrir ↗Exploit-DB
Bludit 3.9.12 - Directory Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir ↗Exploit-DB
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and
23RISCO
abrir ↗Exploit-DB
Microsoft Windows - 'SMBGhost' Remote Code Execution
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISCO
abrir ↗Exploit-DB
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upl
23RISCO
abrir ↗Exploit-DB
vCloud Director 9.7.0.15498291 - Remote Code Execution
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4
28RISCO
abrir ↗Exploit-DB
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execut
28RISCO
abrir ↗Exploit-DB
WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Regi
35RISCO
abrir ↗Exploit-DB
VMware vCenter Server 6.7 - Authentication Bypass
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir ↗Exploit-DB
Pi-hole 4.4.0 - Remote Code Execution (Authenticated)
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Exploit-DB
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authe
60RISCO
abrir ↗Exploit-DB
Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcod
60RISCO
abrir ↗Exploit-DB
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RISCO
abrir ↗Exploit-DB
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISCO
abrir ↗Exploit-DB
OpenEDX platform Ironwood 2.5 - Remote Code Execution
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>Ne
28RISCO
abrir ↗Exploit-DB
BIND - 'TSIG' Denial of Service
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
78RISCO
abrir ↗Exploit-DB
Submitty 20.04.01 - Persistent Cross-Site Scripting
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a
23RISCO
abrir ↗Exploit-DB
Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Exploit-DB
HP LinuxKI 6.01 - Remote Command Injection
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
60RISCO
abrir ↗Exploit-DB
Oracle Hospitality RES 3700 5.7 - Remote Code Execution
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported versi
28RISCO
abrir ↗Exploit-DB
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community
23RISCO
abrir ↗Exploit-DB
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability
33RISCO
abrir ↗Exploit-DB
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RISCO
abrir ↗Exploit-DB
SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Moni
28RISCO
abrir ↗Exploit-DB
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Exploit-DB
Pi-hole < 4.4 - Authenticated Remote Code Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Exploit-DB
Saltstack 3000.1 - Remote Code Execution
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.