Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
8.078 exploits
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALsob ataque24 set 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-1261124 set 2025
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-282523 set 2025
35RISCO
abrir
VulnCheck XDB
infoleak
CVE-2020-3452HIGHsob ataque23 set 2025
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALsob ataque23 set 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALsob ataque23 set 2025
Craft CMS Allows Remote Code Execution
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2024-21413CRITICALsob ataque23 set 2025
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALsob ataque22 set 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-6933HIGH22 set 2025
Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALsob ataqueransomware21 set 2025
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-34152CRITICAL21 set 2025
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALsob ataque21 set 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL21 set 2025
Authorization Bypass in Next.js Middleware
85RISCO
abrir
VulnCheck XDB
infoleak
CVE-2018-13379CRITICALsob ataqueransomware21 set 2025
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALsob ataque20 set 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL20 set 2025
Authorization Bypass in Next.js Middleware
85RISCO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALsob ataque20 set 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALsob ataque19 set 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-30258CRITICAL18 set 2025
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALsob ataque18 set 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-29306CRITICAL18 set 2025
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.htm
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque18 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL17 set 2025
Authorization Bypass in Next.js Middleware
85RISCO
abrir
VulnCheck XDB
local
CVE-2021-22600MEDIUMsob ataque17 set 2025
Double Free in net/packet/af_packet.c leading to priviledge escalation
63RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALsob ataqueransomware17 set 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2010-124017 set 2025
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of
60RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-24799HIGH16 set 2025
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RISCO
abrir
VulnCheck XDB
initial-access
CVE-2014-6287CRITICALsob ataque16 set 2025
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2019-3396CRITICALsob ataqueransomware16 set 2025
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2024-1708HIGHsob ataqueransomware16 set 2025
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RISCO
abrir
anteriorpágina 60 / 270próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.