Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
CVE-2022-3552HIGH28 mar 2023
Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling
53RISCO
abrir
Exploit-DB
Pega Platform 8.1.0 - Remote Code Execution (RCE)
CVE-2022-24082CRITICAL28 mar 2023
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Inte
48RISCO
abrir
Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
CVE-2022-41441MEDIUM28 mar 2023
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RISCO
abrir
Exploit-DB
OPSWAT Metadefender Core - Privilege Escalation
CVE-2022-3227228 mar 2023
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RISCO
abrir
Exploit-DB
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
CVE-2022-42953HIGH28 mar 2023
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct r
41RISCO
abrir
Exploit-DB
Grafana <=6.2.4 - HTML Injection
CVE-2019-1306827 mar 2023
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the
35RISCO
abrir
Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CVE-2022-39291MEDIUM27 mar 2023
Denial of service through logs in zoneminder
33RISCO
abrir
Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CVE-2022-39285HIGH27 mar 2023
Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
41RISCO
abrir
Exploit-DB
FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass
CVE-2022-40684CRITICALsob ataqueransomware27 mar 2023
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISCO
abrir
Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CVE-2022-39290HIGH27 mar 2023
CSRF key bypass using HTTP methods in zoneminder
41RISCO
abrir
Exploit-DB
Password Manager for IIS v2.0 - XSS
CVE-2022-36664MEDIUM25 mar 2023
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL
33RISCO
abrir
Exploit-DB
System Mechanic v15.5.0.61 - Arbitrary Read/Write
CVE-2018-570125 mar 2023
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerabi
28RISCO
abrir
Exploit-DB
ImpressCMS v1.4.3 - Authenticated SQL Injection
CVE-2022-2698625 mar 2023
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this al
23RISCO
abrir
Exploit-DB
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
CVE-2022-35155MEDIUM25 mar 2023
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the s
33RISCO
abrir
Exploit-DB
NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
CVE-2022-34668CRITICAL25 mar 2023
NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage ma
48RISCO
abrir
Exploit-DB
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
CVE-2022-2614925 mar 2023
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an ex
23RISCO
abrir
Exploit-DB
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
CVE-2022-314125 mar 2023
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
23RISCO
abrir
Exploit-DB
_camp_ Raspberry Pi camera server 1.0 - Authentication Bypass
CVE-2022-37109CRITICAL25 mar 2023
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access
60RISCO
abrir
Exploit-DB
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
CVE-2021-4636025 mar 2023
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrar
23RISCO
abrir
Exploit-DB
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
CVE-2022-2698225 mar 2023
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting
23RISCO
abrir
Exploit-DB
DLink DIR 819 A1 - Denial of Service
CVE-2022-40946HIGH25 mar 2023
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via t
41RISCO
abrir
Exploit-DB
Abantecart v1.3.2 - Authenticated Remote Code Execution
CVE-2022-2652125 mar 2023
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable
23RISCO
abrir
Exploit-DB
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
CVE-2022-314225 mar 2023
NEX-Forms < 7.9.7 - Authenticated SQLi
43RISCO
abrir
Exploit-DB
MAN-EAM-0003 V3.2.4 - XXE
CVE-2022-38840HIGH23 mar 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file uplo
56RISCO
abrir
Exploit-DB
Bitbucket v7.0.0 - RCE
CVE-2022-36804HIGHsob ataque23 mar 2023
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir
Exploit-DB
wkhtmltopdf 0.12.6 - Server Side Request Forgery
CVE-2022-3558323 mar 2023
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by inje
28RISCO
abrir
Exploit-DB
Linksys AX3200 V1.1.00 - Command Injection
CVE-2022-38841HIGH22 mar 2023
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagn
46RISCO
abrir
Exploit-DB
pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
CVE-2022-31814CRITICAL20 fev 2023
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISCO
abrir
Exploit-DB
SmartRG Router SR510n 2.6.13 - Remote Code Execution
CVE-2022-3766111 nov 2022
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
35RISCO
abrir
Exploit-DB
CVAT 2.0 - Server Side Request Forgery
CVE-2022-31188HIGH11 nov 2022
Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)
53RISCO
abrir
anteriorpágina 23 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.