Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
8.078 exploits
VulnCheck XDB
initial-access
CVE-2025-52970HIGH07 set 2025
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.
56RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALsob ataque07 set 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2008-4250CRITICALsob ataque06 set 2025
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 20
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-22515CRITICALsob ataqueransomware06 set 2025
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-54309CRITICALsob ataque06 set 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-58443CRITICAL06 set 2025
FOG's authentication bypass leads to full SQL DB dump
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2008-4250CRITICALsob ataque06 set 2025
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 20
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALsob ataqueransomware05 set 2025
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALsob ataque05 set 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALsob ataque05 set 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque04 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
local
CVE-2024-1086HIGHsob ataqueransomware04 set 2025
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-53772HIGH04 set 2025
Web Deploy Remote Code Execution Vulnerability
46RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-5016404 set 2025
Apache Struts: File upload component had a directory traversal vulnerability
45RISCO
abrir
VulnCheck XDB
local
CVE-2025-1055MEDIUM04 set 2025
K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User
33RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHsob ataque04 set 2025
Path traversal vulnerability in WinRAR
93RISCO
abrir
VulnCheck XDB
initial-access
CVE-2020-7961CRITICALsob ataque04 set 2025
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALsob ataqueransomware04 set 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-6019HIGH03 set 2025
Libblockdev: lpe from allow_active to root in libblockdev via udisks
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALsob ataque03 set 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALsob ataque03 set 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALsob ataqueransomware03 set 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
VulnCheck XDB
local
CVE-2015-132803 set 2025
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RISCO
abrir
VulnCheck XDB
initial-access
CVE-2024-51568CRITICAL02 set 2025
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecut
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-3515HIGH01 set 2025
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks
56RISCO
abrir
VulnCheck XDB
initial-access
CVE-2019-18935CRITICALsob ataqueransomware01 set 2025
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISCO
abrir
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALsob ataque01 set 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-9841CRITICALsob ataque01 set 2025
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-11317CRITICALsob ataque01 set 2025
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2018-1920701 set 2025
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to exe
60RISCO
abrir
anteriorpágina 62 / 270próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.