Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
PANDORAFMS 7.0 - Authenticated Remote Code Execution
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metac
28RISCO
abrir ↗Exploit-DB
HP System Event Utility - Local Privilege Escalation
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version
23RISCO
abrir ↗Exploit-DB
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir ↗Exploit-DB
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cg
23RISCO
abrir ↗Exploit-DB
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
23RISCO
abrir ↗Exploit-DB
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
23RISCO
abrir ↗Exploit-DB
Dota 2 7.23f - Denial of Service (PoC)
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by
23RISCO
abrir ↗Exploit-DB
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir ↗Exploit-DB
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3
76RISCO
abrir ↗Exploit-DB
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RISCO
abrir ↗Exploit-DB
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host heade
23RISCO
abrir ↗Exploit-DB
Ricoh Driver - Privilege Escalation (Metasploit)
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RISCO
abrir ↗Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISCO
abrir ↗Exploit-DB
Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RISCO
abrir ↗Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISCO
abrir ↗Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RISCO
abrir ↗Exploit-DB
Cisco Data Center Network Manager 11.2 - Remote Code Execution
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RISCO
abrir ↗Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
60RISCO
abrir ↗Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
70RISCO
abrir ↗Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
Cisco Data Center Network Manager Command Injection Vulnerabilities
53RISCO
abrir ↗Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
Cisco Data Center Network Manager SQL Injection Vulnerabilities
53RISCO
abrir ↗Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the
28RISCO
abrir ↗Exploit-DB
xglance-bin 11.00 - Privilege Escalation
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via u
38RISCO
abrir ↗Exploit-DB
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated se
23RISCO
abrir ↗Exploit-DB
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via
33RISCO
abrir ↗Exploit-DB
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate se
41RISCO
abrir ↗Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the
28RISCO
abrir ↗Exploit-DB
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RISCO
abrir ↗Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrati
23RISCO
abrir ↗Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Ele
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.