Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Answerdev 1.0.3 - Account Takeover
CVE-2023-0744CRITICAL05 abr 2023
Improper Access Control in answerdev/answer
48RISCO
abrir
Exploit-DB
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
CVE-2022-44877CRITICALsob ataque05 abr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISCO
abrir
Exploit-DB
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
CVE-2022-46604HIGH05 abr 2023
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanis
41RISCO
abrir
Exploit-DB
ImageMagick 7.1.0-49 - DoS
CVE-2022-44267MEDIUM05 abr 2023
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RISCO
abrir
Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
CVE-2022-44268MEDIUM05 abr 2023
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RISCO
abrir
Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
CVE-2023-0493MEDIUM05 abr 2023
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RISCO
abrir
Exploit-DB
Apache Tomcat 10.1 - Denial Of Service
CVE-2022-2988505 abr 2023
EncryptInterceptor does not provide complete protection on insecure networks
45RISCO
abrir
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
CVE-2020-5330HIGH05 abr 2023
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22
46RISCO
abrir
Exploit-DB
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
CVE-2022-2846MEDIUM05 abr 2023
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
33RISCO
abrir
Exploit-DB
Liferay Portal 6.2.5 - Insecure Permissions
CVE-2021-33990CRITICAL05 abr 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The
53RISCO
abrir
Exploit-DB
ERPNext 12.29 - Cross-Site Scripting (XSS)
CVE-2022-2859805 abr 2023
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-contro
23RISCO
abrir
Exploit-DB
itech TrainSmart r1044 - SQL injection
CVE-2021-36520HIGH05 abr 2023
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
41RISCO
abrir
Exploit-DB
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
CVE-2022-46552HIGH05 abr 2023
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan
46RISCO
abrir
Exploit-DB
Binwalk v2.3.2 - Remote Command Execution (RCE)
CVE-2022-4510HIGH05 abr 2023
Path Traversal in binwalk
46RISCO
abrir
Exploit-DB
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
CVE-2023-0315HIGH05 abr 2023
Command Injection in froxlor/froxlor
78RISCO
abrir
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
CVE-2019-15993HIGH05 abr 2023
Cisco Small Business Switches Information Disclosure Vulnerability
46RISCO
abrir
Exploit-DB
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
CVE-2020-25213CRITICALsob ataque03 abr 2023
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir
Exploit-DB
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
CVE-2023-23488CRITICAL03 abr 2023
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISCO
abrir
Exploit-DB
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
CVE-2022-34125MEDIUM03 abr 2023
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive informati
33RISCO
abrir
Exploit-DB
Roxy WI v6.1.0.0 - Improper Authentication Control
CVE-2022-31125CRITICAL03 abr 2023
Authentication Bypass in Roxy-wi
53RISCO
abrir
Exploit-DB
sleuthkit 4.11.1 - Command Injection
CVE-2022-45639HIGH03 abr 2023
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RISCO
abrir
Exploit-DB
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
CVE-2023-22809HIGH03 abr 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISCO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
CVE-2023-2316203 abr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter
23RISCO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
CVE-2023-2316103 abr 2023
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RISCO
abrir
Exploit-DB
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-31126CRITICAL03 abr 2023
Unauthenticated Remote Code Execution in Roxy-wi
75RISCO
abrir
Exploit-DB
Windows 11 10.0.22000 - Backup service Privilege Escalation
CVE-2023-21752HIGH03 abr 2023
Windows Backup Service Elevation of Privilege Vulnerability
41RISCO
abrir
Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-34128CRITICAL03 abr 2023
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RISCO
abrir
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 abr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RISCO
abrir
Exploit-DB
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
CVE-2022-47870MEDIUM03 abr 2023
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows r
33RISCO
abrir
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 abr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RISCO
abrir
anteriorpágina 21 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.