Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2026-9815
MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
33RISCO
abrir ↗Referência
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir ↗Referência
CVE-2026-8383
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
48RISCO
abrir ↗Referência
CVE-2026-55706
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values f
33RISCO
abrir ↗Referência
CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISCO
abrir ↗Referência
CVE-2025-20281
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
100RISCO
abrir ↗Referência
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir ↗Referência★ 64
FortiWeb CVE-2025-25257 exploit
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir ↗Referência
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir ↗Referência
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RISCO
abrir ↗Referência
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISCO
abrir ↗Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISCO
abrir ↗Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir ↗Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir ↗Referência
CVE-2023-33246
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir ↗Referência
CVE-2023-33246
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir ↗Referência★ 104
CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir ↗Referência
CVE-2009-0927
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows r
100RISCO
abrir ↗Referência
CVE-2023-46747
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RISCO
abrir ↗Referência
CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISCO
abrir ↗Referência
CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir ↗Referência
CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir ↗Referência
CVE-2017-17562
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISCO
abrir ↗Referência
CVE-2026-7229
code-projects Coaching Management System POST reply.php sql injection
33RISCO
abrir ↗Referência
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir ↗Referência
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir ↗Referência
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir ↗Referência
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.