Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RISCO
abrir ↗Exploit-DB
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and
28RISCO
abrir ↗Exploit-DB
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISCO
abrir ↗Exploit-DB
elFinder 2.1.47 - 'PHP connector' Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir ↗Exploit-DB
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir ↗Exploit-DB
WordPress Core 5.0 - Remote Code Execution
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISCO
abrir ↗Exploit-DB
WordPress Core 5.0 - Remote Code Execution
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Exploit-DB
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient
23RISCO
abrir ↗Exploit-DB
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
46RISCO
abrir ↗Exploit-DB
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via
28RISCO
abrir ↗Exploit-DB
Joomla! Component J2Store < 3.3.7 - SQL Injection
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitr
23RISCO
abrir ↗Exploit-DB
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products
28RISCO
abrir ↗Exploit-DB
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch funct
35RISCO
abrir ↗Exploit-DB
Drupal < 8.6.9 - REST Module Remote Code Execution
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir ↗Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISCO
abrir ↗Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framewor
45RISCO
abrir ↗Exploit-DB
zzzphp CMS 1.6.1 - Remote Code Execution
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filter
50RISCO
abrir ↗Exploit-DB
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir ↗Exploit-DB
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
Path traversal vulnerability in Filr web application
33RISCO
abrir ↗Exploit-DB
WinRAR 5.61 - Path Traversal
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir ↗Exploit-DB
Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RISCO
abrir ↗Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authen
28RISCO
abrir ↗Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input direct
28RISCO
abrir ↗Exploit-DB
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backu
28RISCO
abrir ↗Exploit-DB
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safa
23RISCO
abrir ↗Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the de
28RISCO
abrir ↗Exploit-DB
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The so
28RISCO
abrir ↗Exploit-DB
FaceTime - Texture Processing Memory Corruption
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.
23RISCO
abrir ↗Exploit-DB
HotelDruid 2.3 - Cross-Site Scripting
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabel
43RISCO
abrir ↗Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.