Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RISCO
abrir ↗Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.
23RISCO
abrir ↗Exploit-DB
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on
43RISCO
abrir ↗Exploit-DB
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking
23RISCO
abrir ↗Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RISCO
abrir ↗Exploit-DB
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever
50RISCO
abrir ↗Exploit-DB
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible,
50RISCO
abrir ↗Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RISCO
abrir ↗Exploit-DB
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may
28RISCO
abrir ↗Exploit-DB
GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows
60RISCO
abrir ↗Exploit-DB
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit
23RISCO
abrir ↗Exploit-DB
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISCO
abrir ↗Exploit-DB
VMware Workstation 15.1.0 - DLL Hijacking
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by t
23RISCO
abrir ↗Exploit-DB
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects
23RISCO
abrir ↗Exploit-DB
Microsoft Windows - 'Win32k' Local Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
83RISCO
abrir ↗Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code
100RISCO
abrir ↗Exploit-DB
OpenProject 5.0.0 - 8.3.1 - SQL Injection
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbi
45RISCO
abrir ↗Exploit-DB
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the
23RISCO
abrir ↗Exploit-DB
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault
35RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
23RISCO
abrir ↗Exploit-DB
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
23RISCO
abrir ↗Exploit-DB
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated
23RISCO
abrir ↗Exploit-DB
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform
90RISCO
abrir ↗Exploit-DB
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISCO
abrir ↗Exploit-DB
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISCO
abrir ↗Exploit-DB
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
23RISCO
abrir ↗Exploit-DB
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISCO
abrir ↗Exploit-DB
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java co
23RISCO
abrir ↗Exploit-DB
iOS 12.1.3 - 'cfprefsd' Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave
76RISCO
abrir ↗Exploit-DB
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the m
28RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.