Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2026-7095
code-projects Employee Management System edit.php cross site scripting
33RISCO
abrir ↗Referência
CVE-2026-7094
ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery
33RISCO
abrir ↗Referência
CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RISCO
abrir ↗Referência
CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
60RISCO
abrir ↗Referência
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISCO
abrir ↗Referência
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISCO
abrir ↗Referência
CVE-2018-17431
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISCO
abrir ↗Referência
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
ingress-nginx controller - configuration injection via unsanitized mirror annotations
78RISCO
abrir ↗Referência
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RISCO
abrir ↗Referência
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RISCO
abrir ↗Referência
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RISCO
abrir ↗Referência
CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RISCO
abrir ↗Referência
CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RISCO
abrir ↗Referência
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RISCO
abrir ↗Referência
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RISCO
abrir ↗Referência
CVE-2017-0213
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Ser
93RISCO
abrir ↗Referência
CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely vi
93RISCO
abrir ↗Referência
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agen
100RISCO
abrir ↗Referência
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir ↗Referência
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir ↗Referência
CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions pre
60RISCO
abrir ↗Referência
CVE-2018-17463
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RISCO
abrir ↗Referência
CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable fil
60RISCO
abrir ↗Referência
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nod
45RISCO
abrir ↗Referência
CVE-2019-1620
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISCO
abrir ↗Referência
CVE-2019-1620
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISCO
abrir ↗Referência
CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.