Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2022-33891
Apache Spark shell command injection vulnerability via Spark UI
100RISCO
abrir ↗Referência
CVE-2016-4010
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary
60RISCO
abrir ↗Referência
CVE-2016-4010
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary
60RISCO
abrir ↗Referência
CVE-2019-15976
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
70RISCO
abrir ↗Referência
CVE-2016-0492
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir ↗Referência
CVE-2016-0492
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir ↗Referência
CVE-2016-0492
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir ↗Referência
CVE-2010-1720
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote atta
23RISCO
abrir ↗Referência
CVE-2016-1524
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote
60RISCO
abrir ↗Referência
CVE-2022-40022
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
85RISCO
abrir ↗Referência
CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISCO
abrir ↗Referência
CVE-2021-40870
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous
100RISCO
abrir ↗Referência
CVE-2022-21371
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported ve
78RISCO
abrir ↗Referência
CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions
100RISCO
abrir ↗Referência
CVE-2020-1350
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
100RISCO
abrir ↗Referência
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISCO
abrir ↗Referência
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISCO
abrir ↗Referência
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Referência
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Referência
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Referência
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir ↗Referência
CVE-2018-11138
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by
100RISCO
abrir ↗Referência
CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.