Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
8.078 exploits
VulnCheck XDB
initial-access
CVE-2014-6287CRITICALsob ataque16 set 2025
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2017-9822HIGHsob ataqueransomware15 set 2025
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALsob ataqueransomware15 set 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-1261115 set 2025
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHsob ataque14 set 2025
Path traversal vulnerability in WinRAR
93RISCO
abrir
VulnCheck XDB
local
CVE-2025-48543HIGHsob ataque14 set 2025
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use aft
71RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALsob ataque14 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALsob ataque13 set 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHsob ataque13 set 2025
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALsob ataqueransomware13 set 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
VulnCheck XDB
local
CVE-2021-3493HIGHsob ataque13 set 2025
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHsob ataque13 set 2025
Path traversal vulnerability in WinRAR
93RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALsob ataque12 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-4123HIGH12 set 2025
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire
78RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL11 set 2025
Authorization Bypass in Next.js Middleware
85RISCO
abrir
VulnCheck XDB
local
CVE-2022-0847HIGHsob ataque11 set 2025
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque11 set 2025
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2019-18935CRITICALsob ataqueransomware11 set 2025
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALsob ataque10 set 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-31161CRITICALsob ataqueransomware10 set 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISCO
abrir
VulnCheck XDB
infoleak
CVE-2024-23897CRITICALsob ataqueransomware10 set 2025
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-42957CRITICAL10 set 2025
Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALsob ataque10 set 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2018-11776HIGHsob ataque09 set 2025
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALsob ataqueransomware09 set 2025
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque08 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque08 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-21333HIGHsob ataque08 set 2025
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-30208MEDIUM08 set 2025
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALsob ataque07 set 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
anteriorpágina 61 / 270próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.