Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISCO
abrir ↗Exploit-DB
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Underflow in PHP-FPM can lead to RCE
100RISCO
abrir ↗Exploit-DB
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISCO
abrir ↗Exploit-DB
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RISCO
abrir ↗Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISCO
abrir ↗Exploit-DB
Exchange Control Panel - Viewstate Deserialization (Metasploit)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISCO
abrir ↗Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RISCO
abrir ↗Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISCO
abrir ↗Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISCO
abrir ↗Exploit-DB
Microsoft Windows - 'WizardOpium' Local Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISCO
abrir ↗Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo,
23RISCO
abrir ↗Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a
23RISCO
abrir ↗Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document,
23RISCO
abrir ↗Exploit-DB
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi
23RISCO
abrir ↗Exploit-DB
Joplin Desktop 1.0.184 - Cross-Site Scripting
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
23RISCO
abrir ↗Exploit-DB
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves a
38RISCO
abrir ↗Exploit-DB
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISCO
abrir ↗Exploit-DB
TP LINK TL-WR849N - Remote Code Execution
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploit
35RISCO
abrir ↗Exploit-DB
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmwa
23RISCO
abrir ↗Exploit-DB
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RISCO
abrir ↗Exploit-DB
qdPM < 9.1 - Remote Code Execution
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir ↗Exploit-DB
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISCO
abrir ↗Exploit-DB
Go SSH servers 0.0.2 - Denial of Service (PoC)
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the
28RISCO
abrir ↗Exploit-DB
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
Avaya IP Office XSS Vulnerability
33RISCO
abrir ↗Exploit-DB
Android Binder - Use-After-Free (Metasploit)
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir ↗Exploit-DB
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RISCO
abrir ↗Exploit-DB
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetai
28RISCO
abrir ↗Exploit-DB
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir ↗Exploit-DB
Anviz CrossChex - Buffer Overflow (Metasploit)
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RISCO
abrir ↗Exploit-DB
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W
71RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.