Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
Expedition: Missing Authentication Leads to Admin Account Takeover
100RISCO
abrir ↗Exploit-DB
Watcharr 1.43.0 - Remote Code Execution (RCE)
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the
41RISCO
abrir ↗Exploit-DB
DataEase 2.4.0 - Database Configuration Information Exposure
DataEase has database configuration information exposure vulnerability
53RISCO
abrir ↗Exploit-DB
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RISCO
abrir ↗Exploit-DB
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗Exploit-DB
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
IBM Security Verify Access HTTP open redirect
33RISCO
abrir ↗Exploit-DB
Next.js Middleware 15.2.2 - Authorization Bypass
Authorization Bypass in Next.js Middleware
85RISCO
abrir ↗Exploit-DB
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RISCO
abrir ↗Exploit-DB
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
33RISCO
abrir ↗Exploit-DB
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Explo
75RISCO
abrir ↗Exploit-DB
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Remote code Execution inTimeProvider® 4100
46RISCO
abrir ↗Exploit-DB
AppSmith 1.47 - Remote Code Execution (RCE)
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the
38RISCO
abrir ↗Exploit-DB
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
Microsoft Office Spoofing Vulnerability
38RISCO
abrir ↗Exploit-DB
Vite 6.2.2 - Arbitrary File Read
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
Hard coded default credential contained in install package
41RISCO
abrir ↗Exploit-DB
Webmin Usermin 2.100 - Username Enumeration
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid
48RISCO
abrir ↗Exploit-DB
SAP NetWeaver - 7.53 - HTTP Request Smuggling
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and
100RISCO
abrir ↗Exploit-DB
Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to ex
33RISCO
abrir ↗Exploit-DB
XWiki Standard 14.10 - Remote Code Execution (RCE)
XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
53RISCO
abrir ↗Exploit-DB
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
Registration Authentication Bypass Vulnerability
100RISCO
abrir ↗Exploit-DB
Litespeed Cache 6.5.0.1 - Authentication Bypass
WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
85RISCO
abrir ↗Exploit-DB
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISCO
abrir ↗Exploit-DB
CodeCanyon RISE CRM 3.7.0 - SQL Injection
CodeCanyon RISE Ultimate Project Manager save sql injection
38RISCO
abrir ↗Exploit-DB
Sonatype Nexus Repository 3.53.0-01 - Path Traversal
Nexus Repository 3 - Path Traversal
61RISCO
abrir ↗Exploit-DB
KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSp
33RISCO
abrir ↗Exploit-DB
MoziloCMS 3.0 - Remote Code Execution (RCE)
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute a
46RISCO
abrir ↗Exploit-DB
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.