Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleihigh
Java-springboot-codebase 1.1 - Arbitrary File Read
Unauthenticated Arbitrary File Read via Absolute Path
56RISCO
abrir
Nucleicritical
Mitel 6000 - OS Command Injection
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and th
40RISCO
abrir
Nucleimedium
Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the sour
28RISCO
abrir
Nucleihigh
Personal Weather Station Dashboard 12 - Directory Traversal
Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ direct
28RISCO
abrir
Nucleihigh
WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability
36RISCO
abrir
Nucleicritical
Eventin <= 4.0.26 - Privilege Escalation
WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
75RISCO
abrir
Nucleihigh
TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload
WordPress TI WooCommerce Wishlist plugin <= 2.9.2 - Arbitrary File Upload Vulnerability
63RISCO
abrir
Nucleicritical
PSW Front-end Login & Registration 1.13 - Weak Password Recovery
WordPress PSW Front-end Login & Registration plugin <= 1.13 - Broken Authentication Vulnerability
68RISCO
abrir
Nucleimedium
Label Studio < 1.18.0 - Reflected XSS
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
36RISCO
abrir
Nucleicritical
Wing FTP Server <= 7.4.3 - Remote Code Execution
CVE-2025-47812CRITICALsob ataque
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
Nucleimedium
Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie
CVE-2025-47813MEDIUMsob ataque
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a
70RISCO
abrir
Nucleicritical
Invision Community <=5.0.6 Unauthenticated RCE via Template Injection
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RISCO
abrir
Nucleicritical
WordPress Formality Plugin <= 1.5.9 - Local File Inclusion
WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability
36RISCO
abrir
Nucleicritical
MyStyle Custom Product Designer <= 3.21.1 - SQL Injection
WordPress MyStyle Custom Product Designer plugin <= 3.21.1 - SQL Injection Vulnerability
43RISCO
abrir
Nucleicritical
CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution
CVE-2025-48703CRITICALsob ataque
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell
100RISCO
abrir
Nucleicritical
vBulletin 5.0.0-6.0.3 - Authentication Bypass
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers'
85RISCO
abrir
Nucleicritical
vBulletin replaceAdTemplate - Remote Code Execution
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the t
75RISCO
abrir
Nucleihigh
Discourse OAuth Social Login - Cross-site Scripting
Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow
36RISCO
abrir
Nucleicritical
DataEase < 2.10.10 - JWT Authentication Bypass
Dataease Authentication Bypass Vulnerability
41RISCO
abrir
Nucleihigh
DataEase - Remote Code Execution
Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability
48RISCO
abrir
Nucleihigh
WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution
WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability
63RISCO
abrir
Nucleicritical
Roundcube Webmail - Remote Code Execution
CVE-2025-49113CRITICALsob ataque
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir
Nucleicritical
Pterodactyl Panel - Remote Code Execution
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
Nucleicritical
Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
48RISCO
abrir
Nucleicritical
Adobe Experience Manager Forms - Insecure Deserialization
Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502)
55RISCO
abrir
Nucleicritical
MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
75RISCO
abrir
Nucleimedium
Microsoft SharePoint Server - Authentication Bypass
CVE-2025-49706MEDIUMsob ataqueransomware
Microsoft SharePoint Server Spoofing Vulnerability
100RISCO
abrir
Nucleicritical
Teleport - Authentication Bypass
Teleport allows remote authentication bypass
43RISCO
abrir
Nucleimedium
Heimdall - Host Header Injection & Open Redirect
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically
43RISCO
abrir
Nucleicritical
Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization
CVE-2025-5086CRITICALsob ataque
Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
95RISCO
abrir
anteriorpágina 62 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.