Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
TeamPass 3.0.0.21 - SQL Injection
CVE-2023-1545HIGH22 mar 2025
SQL Injection in nilsteampassnet/teampass
41RISCO
abrir
Exploit-DB
JUX Real Estate 3.4.0 - SQL Injection
CVE-2025-2126MEDIUM20 mar 2025
JoomlaUX JUX Real Estate GET Parameter realties sql injection
33RISCO
abrir
Exploit-DB
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
CVE-2023-015919 mar 2025
Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
50RISCO
abrir
Exploit-DB
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
CVE-2023-4220HIGH18 mar 2025
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir
Exploit-DB
Devika v1 - Path Traversal via 'snapshot_path'
CVE-2024-40422CRITICAL04 ago 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path tr
68RISCO
abrir
Exploit-DB
SolarWinds Platform 2024.1 SR1 - Race Condition
CVE-2024-28999MEDIUM26 jun 2024
SolarWinds Platform Race Condition Vulnerability
38RISCO
abrir
Exploit-DB
Apache OFBiz 18.12.12 - Directory Traversal
CVE-2024-32113CRITICALsob ataque19 mai 2024
Apache OFBiz: Path traversal leading to RCE
100RISCO
abrir
Exploit-DB
htmlLawed 1.2.5 - Remote Code Execution (RCE)
CVE-2022-35914CRITICALsob ataque19 mai 2024
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
100RISCO
abrir
Exploit-DB
Wordpress Theme XStore 9.3.8 - SQLi
CVE-2024-33559CRITICAL19 mai 2024
WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability
48RISCO
abrir
Exploit-DB
Apache mod_proxy_cluster 1.2.6 - Stored XSS
CVE-2023-6710MEDIUM13 mai 2024
Mod_cluster/mod_proxy_cluster: stored cross site scripting
33RISCO
abrir
Exploit-DB
Laravel Framework 11 - Credential Leakage
CVE-2024-2929121 abr 2024
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/log
23RISCO
abrir
Exploit-DB
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
CVE-2024-3400CRITICALsob ataqueransomware21 abr 2024
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir
Exploit-DB
Jenkins 2.441 - Local File Inclusion
CVE-2024-23897CRITICALsob ataqueransomware15 abr 2024
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
Exploit-DB
OpenClinic GA 5.247.01 - Information Disclosure
CVE-2023-40278HIGH15 abr 2024
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the pr
41RISCO
abrir
Exploit-DB
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
CVE-2023-40279HIGH15 abr 2024
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page param
41RISCO
abrir
Exploit-DB
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
CVE-2023-6019CRITICAL12 abr 2024
Ray Command Injection in cpu_profile Parameter
85RISCO
abrir
Exploit-DB
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
CVE-2024-24747HIGH12 abr 2024
MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
53RISCO
abrir
Exploit-DB
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
CVE-2024-31777CRITICAL12 abr 2024
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted fil
48RISCO
abrir
Exploit-DB
Daily Habit Tracker 1.0 - SQL Injection
CVE-2024-24495CRITICAL02 abr 2024
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbit
48RISCO
abrir
Exploit-DB
Daily Habit Tracker 1.0 - Broken Access Control
CVE-2024-24496CRITICAL02 abr 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php,
53RISCO
abrir
Exploit-DB
GL-iNet MT6000 4.5.5 - Arbitrary File Download
CVE-2024-27356HIGH02 abr 2024
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially
46RISCO
abrir
Exploit-DB
Gibbon LMS v26.0.00 - SSTI vulnerability
CVE-2024-24724CRITICAL02 abr 2024
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re
53RISCO
abrir
Exploit-DB
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
CVE-2024-24494MEDIUM02 abr 2024
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via t
38RISCO
abrir
Exploit-DB
Axigen < 10.5.7 - Persistent Cross-Site Scripting
CVE-2023-48974CRITICAL02 abr 2024
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges
48RISCO
abrir
Exploit-DB
Casdoor < v1.331.0 - '/api/set-password' CSRF
CVE-2023-3492702 abr 2024
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RISCO
abrir
Exploit-DB
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
CVE-2024-21338HIGHsob ataqueransomware02 abr 2024
Windows Kernel Elevation of Privilege Vulnerability
83RISCO
abrir
Exploit-DB
HNAS SMU 14.8.7825 - Information Disclosure
CVE-2023-6538HIGH20 mar 2024
System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
41RISCO
abrir
Exploit-DB
Employee Management System 1.0 - 'admin_id' SQLi
CVE-2024-28595CRITICAL20 mar 2024
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the ad
48RISCO
abrir
Exploit-DB
Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
CVE-2023-4602420 mar 2024
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers
23RISCO
abrir
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
CVE-2024-25004HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RISCO
abrir
anteriorpágina 13 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.