Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
MAC 1200R - Directory Traversal
CVE-2021-27825HIGH07 abr 2023
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-stati
41RISCO
abrir
Exploit-DB
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
CVE-2020-35391CRITICAL07 abr 2023
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_pas
60RISCO
abrir
Exploit-DB
Wondershare Dr Fone 12.9.6 - Privilege Escalation
CVE-2023-27010HIGH07 abr 2023
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability all
41RISCO
abrir
Exploit-DB
Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-45701HIGH06 abr 2023
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
53RISCO
abrir
Exploit-DB
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
CVE-2020-1179806 abr 2023
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RISCO
abrir
Exploit-DB
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
CVE-2022-40032CRITICAL06 abr 2023
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' paramet
68RISCO
abrir
Exploit-DB
Dompdf 1.2.1 - Remote Code Execution (RCE)
CVE-2022-2836806 abr 2023
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RISCO
abrir
Exploit-DB
ABUS Security Camera TVIP 20000-21150 - LFI_ RCE and SSH Root Access
CVE-2023-26609HIGH06 abr 2023
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin
53RISCO
abrir
Exploit-DB
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
CVE-2023-0915MEDIUM06 abr 2023
SourceCodester Auto Dealer Management System sql injection
33RISCO
abrir
Exploit-DB
POLR URL 2.3.0 - Shortener Admin Takeover
CVE-2021-21276CRITICAL06 abr 2023
Privilege escalation in Polr
48RISCO
abrir
Exploit-DB
Intern Record System v1.0 - SQL Injection (Unauthenticated)
CVE-2022-40347CRITICAL06 abr 2023
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType
48RISCO
abrir
Exploit-DB
Employee Task Management System v1.0 - Broken Authentication
CVE-2023-0905HIGH06 abr 2023
SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication
41RISCO
abrir
Exploit-DB
Music Gallery Site v1.0 - Broken Access Control
CVE-2023-0963HIGH06 abr 2023
SourceCodester Music Gallery Site POST Request Users.php access control
41RISCO
abrir
Exploit-DB
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
CVE-2023-22629HIGH06 abr 2023
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the
61RISCO
abrir
Exploit-DB
Auto Dealer Management System 1.0 - Broken Access Control Exploit
CVE-2023-0916MEDIUM06 abr 2023
SourceCodester Auto Dealer Management System Users.php access control
33RISCO
abrir
Exploit-DB
modoboa 2.0.4 - Admin TakeOver
CVE-2023-0777HIGH06 abr 2023
Authentication Bypass by Primary Weakness in modoboa/modoboa
61RISCO
abrir
Exploit-DB
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
CVE-2023-24217HIGH06 abr 2023
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
41RISCO
abrir
Exploit-DB
Music Gallery Site v1.0 - SQL Injection on page Master.php
CVE-2023-0962MEDIUM06 abr 2023
SourceCodester Music Gallery Site GET Request Master.php sql injection
33RISCO
abrir
Exploit-DB
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
CVE-2023-0943MEDIUM06 abr 2023
SourceCodester Best POS Management System Image save_settings unrestricted upload
33RISCO
abrir
Exploit-DB
Music Gallery Site v1.0 - SQL Injection on music_list.php
CVE-2023-0938MEDIUM06 abr 2023
SourceCodester Music Gallery Site GET Request music_list.php sql injection
33RISCO
abrir
Exploit-DB
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
CVE-2023-0904MEDIUM06 abr 2023
SourceCodester Employee Task Management System task-details.php sql injection
33RISCO
abrir
Exploit-DB
Art Gallery Management System Project in PHP v 1.0 - SQL injection
CVE-2023-2315606 abr 2023
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid par
23RISCO
abrir
Exploit-DB
Auto Dealer Management System v1.0 - SQL Injection
CVE-2023-0912MEDIUM06 abr 2023
SourceCodester Auto Dealer Management System sql injection
33RISCO
abrir
Exploit-DB
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
CVE-2023-0961MEDIUM06 abr 2023
SourceCodester Music Gallery Site GET Request view_music_details.php sql injection
33RISCO
abrir
Exploit-DB
Employee Task Management System v1.0 - SQL Injection on edit-task.php
CVE-2023-0902LOW06 abr 2023
SourceCodester Simple Food Ordering System process_order.php cross site scripting
28RISCO
abrir
Exploit-DB
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
CVE-2023-0902LOW06 abr 2023
SourceCodester Simple Food Ordering System process_order.php cross site scripting
28RISCO
abrir
Exploit-DB
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
CVE-2023-0913MEDIUM06 abr 2023
SourceCodester Auto Dealer Management System sql injection
33RISCO
abrir
Exploit-DB
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
CVE-2022-48110MEDIUM05 abr 2023
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CK
33RISCO
abrir
Exploit-DB
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
CVE-2023-23286MEDIUM05 abr 2023
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the s
33RISCO
abrir
Exploit-DB
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
CVE-2023-0214MEDIUM05 abr 2023
XSS in Skyhigh Security SWG
33RISCO
abrir
anteriorpágina 20 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.