Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an
68RISCO
abrir ↗Exploit-DB
MSNSwitch Firmware MNT.2408 - Remote Code Execution
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technolog
60RISCO
abrir ↗Exploit-DB
CVAT 2.0 - Server Side Request Forgery
Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)
53RISCO
abrir ↗Exploit-DB
Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi
23RISCO
abrir ↗Exploit-DB
Teleport v10.1.1 - Remote Code Execution (RCE)
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RISCO
abrir ↗Exploit-DB
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
TP-LINK Tapo C200 remote code execution vulnerability
70RISCO
abrir ↗Exploit-DB
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
33RISCO
abrir ↗Exploit-DB
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to
23RISCO
abrir ↗Exploit-DB
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerabilit
35RISCO
abrir ↗Exploit-DB
Blink1Control2 2.2.7 - Weak Password Encryption
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
23RISCO
abrir ↗Exploit-DB
Bookwyrm v0.4.3 - Authentication Bypass
Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm
53RISCO
abrir ↗Exploit-DB
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
Gitea before 1.16.7 does not escape git fetch remote.
60RISCO
abrir ↗Exploit-DB
Prestashop blockwishlist module 2.1.0 - SQLi
SQL Injection in prestashop/blockwishlist
61RISCO
abrir ↗Exploit-DB
Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to
23RISCO
abrir ↗Exploit-DB
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrat
23RISCO
abrir ↗Exploit-DB
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrat
23RISCO
abrir ↗Exploit-DB
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
PAN-OS: OS command injection vulnerability in the management web interface
78RISCO
abrir ↗Exploit-DB
uftpd 2.10 - Directory Traversal (Authenticated)
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server ver
28RISCO
abrir ↗Exploit-DB
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
Duplicator < 1.4.7 - Unauthenticated Backup Download
43RISCO
abrir ↗Exploit-DB
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RISCO
abrir ↗Exploit-DB
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
38RISCO
abrir ↗Exploit-DB
Wavlink WN533A8 - Password Disclosure
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via vie
43RISCO
abrir ↗Exploit-DB
Wavlink WN533A8 - Cross-Site Scripting (XSS)
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via th
38RISCO
abrir ↗Exploit-DB
Wavlink WN530HG4 - Password Disclosure
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via v
43RISCO
abrir ↗Exploit-DB
Dingtian-DT-R002 3.1.276A - Authentication Bypass
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post reques
38RISCO
abrir ↗Exploit-DB
rpc.py 0.6.0 - Remote Code Execution (RCE)
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header i
35RISCO
abrir ↗Exploit-DB
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function.
35RISCO
abrir ↗Exploit-DB
OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
28RISCO
abrir ↗Exploit-DB
CodoForum v5.1 - Remote Code Execution (RCE)
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin
50RISCO
abrir ↗Exploit-DB
IOTransfer 4.0 - Remote Code Execution (RCE)
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.