Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
ServiceNow Multiple Versions - Input Validation & Template Injection
Jelly Template Injection Vulnerability in ServiceNow UI Macros
100RISCO
abrir ↗Exploit-DB
Ghost CMS 5.59.1 - Arbitrary File Read
Arbitrary file read via symlinks in Ghost
45RISCO
abrir ↗Exploit-DB
JetBrains TeamCity 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗Exploit-DB
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced
46RISCO
abrir ↗Exploit-DB
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials
48RISCO
abrir ↗Exploit-DB
Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir ↗Exploit-DB
Cisco ISE 3.0 - Remote Code Execution (RCE)
Cisco Identity Services Engine Java Deserialization Vulnerability
53RISCO
abrir ↗Exploit-DB
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
41RISCO
abrir ↗Exploit-DB
Gandia Integra Total 4.4.2236.1 - SQL Injection
SQL injection vulnerability in Gandia Integra Total
41RISCO
abrir ↗Exploit-DB
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
copyparty Reflected XSS via Filter Parameter
48RISCO
abrir ↗Exploit-DB
Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
41RISCO
abrir ↗Exploit-DB
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
macrozheng mall Swagger UI index.html cross site scripting
33RISCO
abrir ↗Exploit-DB
Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISCO
abrir ↗Exploit-DB
LPAR2RRD 8.04 - Remote Code Execution (RCE)
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
41RISCO
abrir ↗Exploit-DB
Xlight FTP 1.1 - Denial Of Service (DOS)
Xlightftpd Xlight FTP Server Login denial of service
33RISCO
abrir ↗Exploit-DB
XWiki 14 - SQL Injection via getdeleteddocuments.vm
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RISCO
abrir ↗Exploit-DB
Adobe ColdFusion 2023.6 - Remote File Read
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir ↗Exploit-DB
Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site script
28RISCO
abrir ↗Exploit-DB
Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISCO
abrir ↗Exploit-DB
Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow
Tenda FH451 P2pListFilter fromP2pListFilter stack-based overflow
41RISCO
abrir ↗Exploit-DB
Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
Simple File List < 4.2.3 - Remote Code Execution
68RISCO
abrir ↗Exploit-DB
Discourse 3.1.1 - Unauthenticated Chat Message Access
Unauthenticated access to new private chat messages in Discourse
41RISCO
abrir ↗Exploit-DB
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.
33RISCO
abrir ↗Exploit-DB
WP Publications WordPress Plugin 1.2 - Stored XSS
WP Publications <= 1.2 - Admin+ Stored XSS
33RISCO
abrir ↗Exploit-DB
PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the
48RISCO
abrir ↗Exploit-DB
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically
56RISCO
abrir ↗Exploit-DB
SugarCRM 14.0.0 - SSRF/Code Injection
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can
46RISCO
abrir ↗Exploit-DB
Keras 2.15 - Remote Code Execution (RCE)
Arbitrary Code Execution via Crafted Keras Config for Model Loading
41RISCO
abrir ↗Exploit-DB
Langflow 1.2.x - Remote Code Execution (RCE)
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir ↗Exploit-DB
TOTOLINK N300RB 8.54 - Command Execution
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenti
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.