Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
EA Origin < 10.5.38 - Remote Code Execution
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and orig
28RISCO
abrir ↗Exploit-DB
Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISCO
abrir ↗Exploit-DB
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISCO
abrir ↗Exploit-DB
Sahi pro 8.x - Cross-Site Scripting
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
23RISCO
abrir ↗Exploit-DB
Sahi pro 7.x/8.x - Directory Traversal
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerab
50RISCO
abrir ↗Exploit-DB
Sahi pro 8.x - SQL Injection
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to
28RISCO
abrir ↗Exploit-DB
Thunderbird ESR < 60.7.XXX - Type Confusion
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when pro
23RISCO
abrir ↗Exploit-DB
Exim 4.87 - 4.91 - Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISCO
abrir ↗Exploit-DB
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing cer
28RISCO
abrir ↗Exploit-DB
Spring Security OAuth - Open Redirector
Open Redirector in spring-security-oauth2
33RISCO
abrir ↗Exploit-DB
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
23RISCO
abrir ↗Exploit-DB
Spring Security OAuth - Open Redirector
Open Redirect in spring-security-oauth2
28RISCO
abrir ↗Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when proce
28RISCO
abrir ↗Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processin
23RISCO
abrir ↗Exploit-DB
Sitecore 8.x - Deserialization Remote Code Execution
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 2
28RISCO
abrir ↗Exploit-DB
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsani
23RISCO
abrir ↗Exploit-DB
phpMyAdmin 4.8 - Cross-Site Request Forgery
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF
28RISCO
abrir ↗Exploit-DB
ProShow 9.0.3797 - Local Privilege Escalation
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges).
23RISCO
abrir ↗Exploit-DB
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitra
23RISCO
abrir ↗Exploit-DB
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISCO
abrir ↗Exploit-DB
Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcas
43RISCO
abrir ↗Exploit-DB
VMware WorkStation 12.5.3 - Virtual Machine Escape
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi
23RISCO
abrir ↗Exploit-DB
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sen
23RISCO
abrir ↗Exploit-DB
Exim 4.87 < 4.91 - (Local / Remote) Command Execution
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISCO
abrir ↗Exploit-DB
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with
85RISCO
abrir ↗Exploit-DB
LibreNMS - addhost Command Injection (Metasploit)
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISCO
abrir ↗Exploit-DB
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID paramete
23RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceReques
23RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.