Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
Answerdev 1.0.3 - Account Takeover
Improper Access Control in answerdev/answer
48RISCO
abrir ↗Exploit-DB
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISCO
abrir ↗Exploit-DB
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanis
41RISCO
abrir ↗Exploit-DB
ImageMagick 7.1.0-49 - DoS
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RISCO
abrir ↗Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RISCO
abrir ↗Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RISCO
abrir ↗Exploit-DB
Apache Tomcat 10.1 - Denial Of Service
EncryptInterceptor does not provide complete protection on insecure networks
45RISCO
abrir ↗Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22
46RISCO
abrir ↗Exploit-DB
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
33RISCO
abrir ↗Exploit-DB
Liferay Portal 6.2.5 - Insecure Permissions
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The
53RISCO
abrir ↗Exploit-DB
ERPNext 12.29 - Cross-Site Scripting (XSS)
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-contro
23RISCO
abrir ↗Exploit-DB
itech TrainSmart r1044 - SQL injection
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
41RISCO
abrir ↗Exploit-DB
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan
46RISCO
abrir ↗Exploit-DB
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
Command Injection in froxlor/froxlor
78RISCO
abrir ↗Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
Cisco Small Business Switches Information Disclosure Vulnerability
46RISCO
abrir ↗Exploit-DB
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir ↗Exploit-DB
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISCO
abrir ↗Exploit-DB
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive informati
33RISCO
abrir ↗Exploit-DB
Roxy WI v6.1.0.0 - Improper Authentication Control
Authentication Bypass in Roxy-wi
53RISCO
abrir ↗Exploit-DB
sleuthkit 4.11.1 - Command Injection
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RISCO
abrir ↗Exploit-DB
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISCO
abrir ↗Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter
23RISCO
abrir ↗Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RISCO
abrir ↗Exploit-DB
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
Unauthenticated Remote Code Execution in Roxy-wi
75RISCO
abrir ↗Exploit-DB
Windows 11 10.0.22000 - Backup service Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
41RISCO
abrir ↗Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RISCO
abrir ↗Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RISCO
abrir ↗Exploit-DB
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows r
33RISCO
abrir ↗Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.