Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
8.078 exploits
VulnCheck XDB
initial-access
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RISCO
abrir ↗VulnCheck XDB
initial-access
Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
75RISCO
abrir ↗VulnCheck XDB
initial-access
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which a
100RISCO
abrir ↗VulnCheck XDB
initial-access
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISCO
abrir ↗VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗VulnCheck XDB
client-side
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed wi
28RISCO
abrir ↗VulnCheck XDB
infoleak
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalD
75RISCO
abrir ↗VulnCheck XDB
initial-access
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISCO
abrir ↗VulnCheck XDB
initial-access
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir ↗VulnCheck XDB
initial-access
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir ↗VulnCheck XDB
client-side
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir ↗VulnCheck XDB
initial-access
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
48RISCO
abrir ↗VulnCheck XDB
client-side
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir ↗VulnCheck XDB
client-side
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir ↗VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir ↗VulnCheck XDB
local
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING
78RISCO
abrir ↗VulnCheck XDB
initial-access
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗VulnCheck XDB
local
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacke
63RISCO
abrir ↗VulnCheck XDB
initial-access
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗VulnCheck XDB
client-side
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl
71RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.