Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
IceWarp 10.4.4 - Local File Inclusion
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index
50RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceReques
23RISCO
abrir ↗Exploit-DB
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID paramete
23RISCO
abrir ↗Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism.
28RISCO
abrir ↗Exploit-DB
WordPress Plugin Form Maker 1.13.3 - SQL Injection
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_
23RISCO
abrir ↗Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
The Quest Kace K1000 Appliance is vulnerable to JavaScript injection.
23RISCO
abrir ↗Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.
23RISCO
abrir ↗Exploit-DB
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗Exploit-DB
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, al
23RISCO
abrir ↗Exploit-DB
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description fiel
35RISCO
abrir ↗Exploit-DB
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set
23RISCO
abrir ↗Exploit-DB
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during
28RISCO
abrir ↗Exploit-DB
Deltek Maconomy 2.2.5 - Local File Inclusion
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RISCO
abrir ↗Exploit-DB
Typora 0.9.9.24.6 - Directory Traversal
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substr
23RISCO
abrir ↗Exploit-DB
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISCO
abrir ↗Exploit-DB
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISCO
abrir ↗Exploit-DB
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of t
43RISCO
abrir ↗Exploit-DB
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RISCO
abrir ↗Exploit-DB
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchO
28RISCO
abrir ↗Exploit-DB
Nagios XI 5.6.1 - SQL injection
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). N
23RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows
23RISCO
abrir ↗Exploit-DB
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
23RISCO
abrir ↗Exploit-DB
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Erro
71RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
23RISCO
abrir ↗Exploit-DB
Carel pCOWeb < B1.2.1 - Credentials Disclosure
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext pass
23RISCO
abrir ↗Exploit-DB
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" f
38RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post
23RISCO
abrir ↗Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RISCO
abrir ↗Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.