Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
ServiceNow Multiple Versions - Input Validation & Template Injection
CVE-2024-4879CRITICALsob ataque11 ago 2025
Jelly Template Injection Vulnerability in ServiceNow UI Macros
100RISCO
abrir
Exploit-DB
Ghost CMS 5.59.1 - Arbitrary File Read
CVE-2023-40028MEDIUM11 ago 2025
Arbitrary file read via symlinks in Ghost
45RISCO
abrir
Exploit-DB
JetBrains TeamCity 2023.11.4 - Authentication Bypass
CVE-2024-27198CRITICALsob ataqueransomware11 ago 2025
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
Exploit-DB
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
CVE-2025-7769HIGH11 ago 2025
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced
46RISCO
abrir
Exploit-DB
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
CVE-2025-8730CRITICAL11 ago 2025
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials
48RISCO
abrir
Exploit-DB
Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)
CVE-2025-53770CRITICALsob ataqueransomware11 ago 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
Exploit-DB
Cisco ISE 3.0 - Remote Code Execution (RCE)
CVE-2025-20124CRITICAL11 ago 2025
Cisco Identity Services Engine Java Deserialization Vulnerability
53RISCO
abrir
Exploit-DB
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
CVE-2025-49741HIGH03 ago 2025
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
41RISCO
abrir
Exploit-DB
Gandia Integra Total 4.4.2236.1 - SQL Injection
CVE-2025-41373HIGH03 ago 2025
SQL injection vulnerability in Gandia Integra Total
41RISCO
abrir
Exploit-DB
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
CVE-2025-54589MEDIUM03 ago 2025
copyparty Reflected XSS via Filter Parameter
48RISCO
abrir
Exploit-DB
Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
CVE-2025-49683HIGH03 ago 2025
Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
CVE-2025-8191MEDIUM03 ago 2025
macrozheng mall Swagger UI index.html cross site scripting
33RISCO
abrir
Exploit-DB
Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
CVE-2023-346003 ago 2025
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISCO
abrir
Exploit-DB
LPAR2RRD 8.04 - Remote Code Execution (RCE)
CVE-2025-54769HIGH03 ago 2025
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
41RISCO
abrir
Exploit-DB
Xlight FTP 1.1 - Denial Of Service (DOS)
CVE-2024-0737MEDIUM28 jul 2025
Xlightftpd Xlight FTP Server Login denial of service
33RISCO
abrir
Exploit-DB
XWiki 14 - SQL Injection via getdeleteddocuments.vm
CVE-2025-32429CRITICAL28 jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RISCO
abrir
Exploit-DB
Adobe ColdFusion 2023.6 - Remote File Read
CVE-2024-20767HIGHsob ataque28 jul 2025
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir
Exploit-DB
Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
CVE-2015-617622 jul 2025
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site script
28RISCO
abrir
Exploit-DB
Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE
CVE-2025-34077CRITICAL22 jul 2025
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISCO
abrir
Exploit-DB
Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow
CVE-2025-7795HIGH22 jul 2025
Tenda FH451 P2pListFilter fromP2pListFilter stack-based overflow
41RISCO
abrir
Exploit-DB
Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
CVE-2020-36847CRITICAL22 jul 2025
Simple File List < 4.2.3 - Remote Code Execution
68RISCO
abrir
Exploit-DB
Discourse 3.1.1 - Unauthenticated Chat Message Access
CVE-2023-45131HIGH22 jul 2025
Unauthenticated access to new private chat messages in Discourse
41RISCO
abrir
Exploit-DB
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
CVE-2025-51403MEDIUM22 jul 2025
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.
33RISCO
abrir
Exploit-DB
WP Publications WordPress Plugin 1.2 - Stored XSS
CVE-2024-11605MEDIUM16 jul 2025
WP Publications <= 1.2 - Admin+ Stored XSS
33RISCO
abrir
Exploit-DB
PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
CVE-2025-52367MEDIUM16 jul 2025
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the
48RISCO
abrir
Exploit-DB
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
CVE-2025-44177HIGH16 jul 2025
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically
56RISCO
abrir
Exploit-DB
SugarCRM 14.0.0 - SSRF/Code Injection
CVE-2024-58258HIGH16 jul 2025
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can
46RISCO
abrir
Exploit-DB
Keras 2.15 - Remote Code Execution (RCE)
CVE-2025-1550HIGH16 jul 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading
41RISCO
abrir
Exploit-DB
Langflow 1.2.x - Remote Code Execution (RCE)
CVE-2025-3248CRITICALsob ataqueransomware16 jul 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
Exploit-DB
TOTOLINK N300RB 8.54 - Command Execution
CVE-2025-52089HIGH16 jul 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenti
41RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.