Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.284exploits catalogados
31.741CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.888GitHub PoC 13.174VulnCheck XDB 8.100Nuclei 4.191Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a
28RISCO
abrir ↗Exploit-DB
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RISCO
abrir ↗Exploit-DB
1Password < 7.0 - Denial of Service
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com
23RISCO
abrir ↗Exploit-DB
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft W
71RISCO
abrir ↗Exploit-DB
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/inde
23RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability."
23RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevatio
28RISCO
abrir ↗Exploit-DB
AudioCode 400HD - Command Injection
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
50RISCO
abrir ↗Exploit-DB
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Dokan file system driver contains a stack-based buffer overflow
23RISCO
abrir ↗Exploit-DB
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handl
23RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir ↗Exploit-DB
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir ↗Exploit-DB
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISCO
abrir ↗Exploit-DB
S-nail < 14.8.16 - Local Privilege Escalation
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local
23RISCO
abrir ↗Exploit-DB
OpenSSH SCP Client - Write Arbitrary Files
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-T
38RISCO
abrir ↗Exploit-DB
OpenSSH SCP Client - Write Arbitrary Files
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RISCO
abrir ↗Exploit-DB
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are
28RISCO
abrir ↗Exploit-DB
OpenSource ERP 6.3.1. - SQL Injection
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
28RISCO
abrir ↗Exploit-DB
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Servic
28RISCO
abrir ↗Exploit-DB
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scrip
23RISCO
abrir ↗Exploit-DB
BlogEngine 3.3 - XML External Entity Injection
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
28RISCO
abrir ↗Exploit-DB
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
23RISCO
abrir ↗Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
60RISCO
abrir ↗Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
28RISCO
abrir ↗Exploit-DB
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserializ
28RISCO
abrir ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage
23RISCO
abrir ↗Exploit-DB
LayerBB 1.1.1 - Persistent Cross-Site Scripting
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.