Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling
53RISCO
abrir ↗Exploit-DB
Pega Platform 8.1.0 - Remote Code Execution (RCE)
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Inte
48RISCO
abrir ↗Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RISCO
abrir ↗Exploit-DB
OPSWAT Metadefender Core - Privilege Escalation
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RISCO
abrir ↗Exploit-DB
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct r
41RISCO
abrir ↗Exploit-DB
Grafana <=6.2.4 - HTML Injection
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the
35RISCO
abrir ↗Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Denial of service through logs in zoneminder
33RISCO
abrir ↗Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
41RISCO
abrir ↗Exploit-DB
FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISCO
abrir ↗Exploit-DB
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
CSRF key bypass using HTTP methods in zoneminder
41RISCO
abrir ↗Exploit-DB
Password Manager for IIS v2.0 - XSS
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL
33RISCO
abrir ↗Exploit-DB
System Mechanic v15.5.0.61 - Arbitrary Read/Write
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerabi
28RISCO
abrir ↗Exploit-DB
ImpressCMS v1.4.3 - Authenticated SQL Injection
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this al
23RISCO
abrir ↗Exploit-DB
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the s
33RISCO
abrir ↗Exploit-DB
NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage ma
48RISCO
abrir ↗Exploit-DB
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an ex
23RISCO
abrir ↗Exploit-DB
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
23RISCO
abrir ↗Exploit-DB
_camp_ Raspberry Pi camera server 1.0 - Authentication Bypass
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access
60RISCO
abrir ↗Exploit-DB
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrar
23RISCO
abrir ↗Exploit-DB
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting
23RISCO
abrir ↗Exploit-DB
DLink DIR 819 A1 - Denial of Service
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via t
41RISCO
abrir ↗Exploit-DB
Abantecart v1.3.2 - Authenticated Remote Code Execution
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable
23RISCO
abrir ↗Exploit-DB
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
NEX-Forms < 7.9.7 - Authenticated SQLi
43RISCO
abrir ↗Exploit-DB
MAN-EAM-0003 V3.2.4 - XXE
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file uplo
56RISCO
abrir ↗Exploit-DB
Bitbucket v7.0.0 - RCE
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir ↗Exploit-DB
wkhtmltopdf 0.12.6 - Server Side Request Forgery
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by inje
28RISCO
abrir ↗Exploit-DB
Linksys AX3200 V1.1.00 - Command Injection
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagn
46RISCO
abrir ↗Exploit-DB
pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISCO
abrir ↗Exploit-DB
SmartRG Router SR510n 2.6.13 - Remote Code Execution
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
35RISCO
abrir ↗Exploit-DB
CVAT 2.0 - Server Side Request Forgery
Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)
53RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.