Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
Technicolor TD5130.2 - Remote Command Execution
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Comm
28RISCO
abrir ↗Exploit-DB
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An
23RISCO
abrir ↗Exploit-DB
Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being ret
23RISCO
abrir ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious Jav
23RISCO
abrir ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSe
23RISCO
abrir ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied
23RISCO
abrir ↗Exploit-DB
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
23RISCO
abrir ↗Exploit-DB
CBAS-Web 19.0.0 - Information Disclosure
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
23RISCO
abrir ↗Exploit-DB
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
23RISCO
abrir ↗Exploit-DB
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and passw
23RISCO
abrir ↗Exploit-DB
FlexAir Access Control 2.3.35 - Authentication Bypass
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash valu
28RISCO
abrir ↗Exploit-DB
eMerge50P 5000P 4.6.07 - Remote Code Execution
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
35RISCO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Cross-Site Request Forgery
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
28RISCO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Arbitrary File Upload
Linear eMerge E3-Series devices allow Unrestricted File Upload.
35RISCO
abrir ↗Exploit-DB
Optergy 2.3.0a - Remote Code Execution
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
28RISCO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Privilege Escalation
Linear eMerge E3-Series devices allow File Inclusion.
60RISCO
abrir ↗Exploit-DB
Optergy 2.3.0a - Username Disclosure
Optergy Proton/Enterprise devices allow Username Disclosure.
28RISCO
abrir ↗Exploit-DB
Atlassian Confluence 6.15.1 - Directory Traversal
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RISCO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3-Series devices allow Command Injections.
100RISCO
abrir ↗Exploit-DB
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
28RISCO
abrir ↗Exploit-DB
Prima Access Control 2.3.35 - Arbitrary File Upload
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when
28RISCO
abrir ↗Exploit-DB
Prima FlexAir Access Control 2.3.38 - Remote Code Execution
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could mo
28RISCO
abrir ↗Exploit-DB
CBAS-Web 19.0.0 - Username Enumeration
Computrols CBAS 18.0.0 allows Username Enumeration.
23RISCO
abrir ↗Exploit-DB
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RISCO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
Linear eMerge E3-Series devices allow XSS.
50RISCO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
Linear eMerge E3-Series devices allow File Inclusion.
60RISCO
abrir ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RISCO
abrir ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RISCO
abrir ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RISCO
abrir ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
An out-of-bounds read was addressed with improved input validation.
28RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.