Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RISCO
abrir ↗Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Ele
35RISCO
abrir ↗Exploit-DB
BearFTP 0.1.0 - 'PASV' Denial of Service
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to th
28RISCO
abrir ↗Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
23RISCO
abrir ↗Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrati
23RISCO
abrir ↗Exploit-DB
OpenSMTPD 6.6.1 - Remote Code Execution
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir ↗Exploit-DB
rConfig 3.9.3 - Authenticated Remote Code Execution
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RISCO
abrir ↗Exploit-DB
Satellian 1.12 - Remote Code Execution
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to th
60RISCO
abrir ↗Exploit-DB
XMLBlueprint 16.191112 - XML External Entity Injection
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an
23RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows T
35RISCO
abrir ↗Exploit-DB
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
23RISCO
abrir ↗Exploit-DB
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php
23RISCO
abrir ↗Exploit-DB
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
23RISCO
abrir ↗Exploit-DB
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
23RISCO
abrir ↗Exploit-DB
Microsoft Windows Kernel - Information Disclosure
Windows Kernel Information Disclosure Vulnerability
33RISCO
abrir ↗Exploit-DB
Genexis Platinum-4410 2.1 - Authentication Bypass
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cl
23RISCO
abrir ↗Exploit-DB
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the
35RISCO
abrir ↗Exploit-DB
qdPM 9.1 - Remote Code Execution
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir ↗Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
35RISCO
abrir ↗Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
45RISCO
abrir ↗Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
35RISCO
abrir ↗Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning
38RISCO
abrir ↗Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
45RISCO
abrir ↗Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RISCO
abrir ↗Exploit-DB
Ricoh Printer Drivers - Local Privilege Escalation
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RISCO
abrir ↗Exploit-DB
Citrix XenMobile Server 10.8 - XML External Entity Injection
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befor
23RISCO
abrir ↗Exploit-DB
Microsoft SharePoint - Deserialization Remote Code Execution
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup
100RISCO
abrir ↗Exploit-DB
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code
28RISCO
abrir ↗Exploit-DB
Easy XML Editor 1.7.8 - XML External Entity Injection
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS
23RISCO
abrir ↗Exploit-DB
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.