Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
GitLab CE/EE < 16.7.2 - Password Reset
CVE-2023-7028CRITICALsob ataque14 mar 2024
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISCO
abrir
Exploit-DB
SolarView Compact 6.00 - Command Injection
CVE-2023-23333CRITICAL14 mar 2024
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RISCO
abrir
Exploit-DB
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
CVE-2023-42793CRITICALsob ataqueransomware14 mar 2024
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RISCO
abrir
Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
CVE-2023-5702MEDIUM14 mar 2024
Viessmann Vitogate 300 direct request
38RISCO
abrir
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow
CVE-2024-25003HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insuf
41RISCO
abrir
Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
CVE-2023-5222MEDIUM14 mar 2024
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password
70RISCO
abrir
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
CVE-2024-25004HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RISCO
abrir
Exploit-DB
KiTTY 0.76.1.13 - Command Injection
CVE-2024-23749HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insuffic
41RISCO
abrir
Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
CVE-2024-25832HIGH10 mar 2024
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to
46RISCO
abrir
Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
CVE-2024-25830CRITICAL10 mar 2024
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An una
53RISCO
abrir
Exploit-DB
Hide My WP < 6.2.9 - Unauthenticated SQLi
CVE-2022-4681CRITICAL10 mar 2024
Hide My WP < 6.2.9 - Unauthenticated SQLi
48RISCO
abrir
Exploit-DB
Ladder v0.0.21 - Server-side request forgery (SSRF)
CVE-2024-27620HIGH10 mar 2024
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request
41RISCO
abrir
Exploit-DB
Akaunting < 3.1.3 - RCE
CVE-2024-22836CRITICAL10 mar 2024
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company loc
60RISCO
abrir
Exploit-DB
Numbas < v7.3 - Remote Code Execution
CVE-2024-27612MEDIUM10 mar 2024
Numbas editor before 7.3 mishandles editing of themes and extensions.
38RISCO
abrir
Exploit-DB
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
CVE-2024-27744MEDIUM03 mar 2024
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RISCO
abrir
Exploit-DB
Petrol Pump Management Software v.1.0 - SQL Injection
CVE-2024-27746CRITICAL03 mar 2024
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a c
53RISCO
abrir
Exploit-DB
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload
CVE-2024-27747CRITICAL03 mar 2024
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a cra
53RISCO
abrir
Exploit-DB
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
CVE-2024-27743MEDIUM03 mar 2024
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RISCO
abrir
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration
CVE-2024-25734HIGH26 fev 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only a
41RISCO
abrir
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'
CVE-2024-25735CRITICAL26 fev 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RISCO
abrir
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'
CVE-2024-25736HIGH26 fev 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /d
41RISCO
abrir
Exploit-DB
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
CVE-2023-3897MEDIUM19 fev 2024
Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page
33RISCO
abrir
Exploit-DB
Media Library Assistant Wordpress Plugin - RCE and LFI
CVE-2023-4634CRITICAL09 out 2023
Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
85RISCO
abrir
Exploit-DB
Clcknshop 1.0.0 - SQL Injection
CVE-2023-4708MEDIUM09 out 2023
Infosoftbd Clcknshop GET Parameter all sql injection
45RISCO
abrir
Exploit-DB
Cacti 1.2.24 - Authenticated command injection when using SNMP options
CVE-2023-39362HIGH09 out 2023
Authenticated command injection in SNMP options of a Device
63RISCO
abrir
Exploit-DB
BoidCMS v2.0.0 - authenticated file upload vulnerability
CVE-2023-3883609 out 2023
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header t
50RISCO
abrir
Exploit-DB
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
CVE-2023-4278HIGH09 out 2023
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
41RISCO
abrir
Exploit-DB
Splunk 9.0.5 - admin account take over
CVE-2023-32707HIGH09 out 2023
‘edit_user’ Capability Privilege Escalation
78RISCO
abrir
Exploit-DB
GLPI GZIP(Py3) 9.4.5 - RCE
CVE-2020-11060HIGH09 out 2023
Remote Code Execution in GLPI
46RISCO
abrir
Exploit-DB
Minio 2022-07-29T19-40-48Z - Path traversal
CVE-2022-35919HIGH09 out 2023
Authenticated requests for server update admin API allows path traversal in minio
53RISCO
abrir
anteriorpágina 14 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.