Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
CVE-2025-30397HIGHsob ataque05 jun 2025
Scripting Engine Memory Corruption Vulnerability
76RISCO
abrir
Exploit-DB
Grandstream GSD3710 1.0.11.13 - Stack Overflow
CVE-2022-2025CRITICAL05 jun 2025
Grandstream GSD3710 Stack-based Buffer Overflow
48RISCO
abrir
Exploit-DB
macOS LaunchDaemon iOS 17.2 - Privilege Escalation
CVE-2025-24085CRITICALsob ataque05 jun 2025
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, i
83RISCO
abrir
Exploit-DB
Apache Tomcat 10.1.39 - Denial of Service (DoS)
CVE-2025-31650HIGH05 jun 2025
Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
53RISCO
abrir
Exploit-DB
WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
CVE-2025-4094CRITICAL29 mai 2025
Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing
53RISCO
abrir
Exploit-DB
Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
CVE-2024-0204CRITICAL29 mai 2025
Authentication Bypass in GoAnywhere MFT
85RISCO
abrir
Exploit-DB
SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
CVE-2024-28995HIGHsob ataque29 mai 2025
SolarWinds Serv-U L Directory Transversal Vulnerability
100RISCO
abrir
Exploit-DB
Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
CVE-2025-24071MEDIUM29 mai 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir
Exploit-DB
Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
CVE-2022-2070CRITICAL25 mai 2025
Grandstream GSD3710 Stack-based Buffer Overflow
48RISCO
abrir
Exploit-DB
WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
CVE-2025-2594HIGH25 mai 2025
User Registration & Membership < 4.1.3 - Authentication Bypass
41RISCO
abrir
Exploit-DB
Java-springboot-codebase 1.1 - Arbitrary File Read
CVE-2025-46822HIGH25 mai 2025
Unauthenticated Arbitrary File Read via Absolute Path
56RISCO
abrir
Exploit-DB
CrushFTP 11.3.1 - Authentication Bypass
CVE-2025-31161CRITICALsob ataqueransomware18 mai 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISCO
abrir
Exploit-DB
Invision Community 5.0.6 - Remote Code Execution (RCE)
CVE-2025-47916CRITICAL18 mai 2025
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RISCO
abrir
Exploit-DB
Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
CVE-2025-32370HIGH13 mai 2025
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uplo
41RISCO
abrir
Exploit-DB
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
CVE-2025-3605CRITICAL13 mai 2025
Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover
63RISCO
abrir
Exploit-DB
TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
CVE-2024-11237HIGH13 mai 2025
TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow
41RISCO
abrir
Exploit-DB
Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
CVE-2025-27533MEDIUM09 mai 2025
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
33RISCO
abrir
Exploit-DB
SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
CVE-2025-27007CRITICAL09 mai 2025
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
75RISCO
abrir
Exploit-DB
WordPress Depicter Plugin 3.6.1 - SQL Injection
CVE-2025-2011HIGH09 mai 2025
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
68RISCO
abrir
Exploit-DB
Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
CVE-2025-47226MEDIUM06 mai 2025
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
33RISCO
abrir
Exploit-DB
Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
CVE-2025-24054MEDIUMsob ataque01 mai 2025
NTLM Hash Disclosure Spoofing Vulnerability
75RISCO
abrir
Exploit-DB
unzip-stream 0.3.1 - Arbitrary File Write
CVE-2024-42471HIGH30 abr 2025
Arbitrary File Write via artifact extraction in actions/artifact
41RISCO
abrir
Exploit-DB
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
CVE-2024-12905HIGH22 abr 2025
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted
41RISCO
abrir
Exploit-DB
FoxCMS 1.2.5 - Remote Code Execution (RCE)
CVE-2025-29306CRITICAL19 abr 2025
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.htm
75RISCO
abrir
Exploit-DB
Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
CVE-2024-11972CRITICAL18 abr 2025
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
75RISCO
abrir
Exploit-DB
Langflow 1.3.0 - Remote Code Execution (RCE)
CVE-2025-3248CRITICALsob ataqueransomware18 abr 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
Exploit-DB
Inventio Lite 4 - SQL Injection
CVE-2024-44541CRITICAL18 abr 2025
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action
48RISCO
abrir
Exploit-DB
KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
CVE-2024-11728HIGH18 abr 2025
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
61RISCO
abrir
Exploit-DB
UJCMS 9.6.3 - User Enumeration via IDOR
CVE-2024-12483MEDIUM18 abr 2025
Dromara UJCMS User ID id authorization
33RISCO
abrir
Exploit-DB
Apache Commons Text 1.10.0 - Remote Code Execution
CVE-2022-4288918 abr 2025
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.