Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to
23RISCO
abrir ↗Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISCO
abrir ↗Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir ↗Exploit-DB
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS
23RISCO
abrir ↗Exploit-DB
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS
76RISCO
abrir ↗Exploit-DB
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbi
23RISCO
abrir ↗Exploit-DB
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
28RISCO
abrir ↗Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISCO
abrir ↗Exploit-DB
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
23RISCO
abrir ↗Exploit-DB
LimeSurvey < 3.16 - Remote Code Execution
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar://
28RISCO
abrir ↗Exploit-DB
CMS Made Simple < 2.2.10 - SQL Injection
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗Exploit-DB
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter
23RISCO
abrir ↗Exploit-DB
Fat Free CRM 0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to th
23RISCO
abrir ↗Exploit-DB
i-doit 1.12 - 'qr.php' Cross-Site Scripting
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
23RISCO
abrir ↗Exploit-DB
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISCO
abrir ↗Exploit-DB
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISCO
abrir ↗Exploit-DB
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and loca
28RISCO
abrir ↗Exploit-DB
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects w
28RISCO
abrir ↗Exploit-DB
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check
28RISCO
abrir ↗Exploit-DB
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
Rukovoditel before 2.4.1 allows XSS.
23RISCO
abrir ↗Exploit-DB
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RISCO
abrir ↗Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately
23RISCO
abrir ↗Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Manageme
28RISCO
abrir ↗Exploit-DB
DVD X Player 5.5.3 - '.plf' Buffer Overflow
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
23RISCO
abrir ↗Exploit-DB
Rails 5.2.1 - Arbitrary File Content Disclosure
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where spe
100RISCO
abrir ↗Exploit-DB
Canarytokens 2019-03-01 - Detection Bypass
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timesta
28RISCO
abrir ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpag
23RISCO
abrir ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnera
23RISCO
abrir ↗Exploit-DB
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap c
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.