Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.002exploits catalogados
31.582CVEs com exploração pública
TodosExploit-DB 22.467Referência 19.780GitHub PoC 13.048VulnCheck XDB 8.060Nuclei 4.185Metasploit 3.462recentespopularesrisco
22.467 exploits
Exploit-DB
Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir ↗Exploit-DB
Krayin CRM v2.2.x - Authenticated Remote Code Execution
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir ↗Exploit-DB
Tenable Nessus 10.12.1 - SQL Injection
SQL Injection in Nessus via Malicious Scan Result File Import
28RISCO
abrir ↗Exploit-DB
Flowise 3.1.3 - arbitrary code execution
Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
28RISCO
abrir ↗Exploit-DB
Hydra - Stack Buffer Overflow
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
41RISCO
abrir ↗Exploit-DB
Discuz! X5.0 - Authentication Bypass
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RISCO
abrir ↗Exploit-DB
KeepInMind 0.8.4.2 - Stored XSS
KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS
33RISCO
abrir ↗Exploit-DB
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.e
41RISCO
abrir ↗Exploit-DB
Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
48RISCO
abrir ↗Exploit-DB
Joomla Extension 4.1.4 - PHP Object injection
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
48RISCO
abrir ↗Exploit-DB
WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability
41RISCO
abrir ↗Exploit-DB
OpenEMR 7.0.2 - Arbitrary File Read
OpenEMR Arbitrary File Read Vulnerability
48RISCO
abrir ↗Exploit-DB
WordPress OrderConvo 14 - Path Traversal
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RISCO
abrir ↗Exploit-DB
Drupal Core 10.5.5 - Error-Based SQL Injection
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir ↗Exploit-DB
Notepad++ 8.9.6 - Arbitrary Code Execution
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RISCO
abrir ↗Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RISCO
abrir ↗Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RISCO
abrir ↗Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CubeCart: Reflected XSS in Store Search Bar
33RISCO
abrir ↗Exploit-DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RISCO
abrir ↗Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISCO
abrir ↗Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir ↗Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISCO
abrir ↗Exploit-DB
MikroORM 7.0.13 - SQL Injection
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RISCO
abrir ↗Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISCO
abrir ↗Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RISCO
abrir ↗página 1 / 749próximo →
Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.