Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Nginx 1.20.0 - Denial of Service (DOS)
CVE-2021-2301711 jul 2022
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from t
35RISCO
abrir
Exploit-DB
WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)
CVE-2022-29548MEDIUM27 jun 2022
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0,
60RISCO
abrir
Exploit-DB
ChurchCRM 4.4.5 - SQLi
CVE-2022-3132514 jun 2022
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
23RISCO
abrir
Exploit-DB
Virtua Software Cobranca 12S - SQLi
CVE-2021-3758914 jun 2022
Virtua Cobranca before 12R allows SQL Injection on the login page.
43RISCO
abrir
Exploit-DB
Marval MSM v14.19.0.12476 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-3188514 jun 2022
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
35RISCO
abrir
Exploit-DB
Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
CVE-2020-584414 jun 2022
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators t
35RISCO
abrir
Exploit-DB
Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
CVE-2022-23642HIGH14 jun 2022
Code Injection in Sourcegraph
78RISCO
abrir
Exploit-DB
Avantune Genialcloud ProJ 10 - Cross-Site Scripting (XSS)
CVE-2022-2929614 jun 2022
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attack
23RISCO
abrir
Exploit-DB
Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)
CVE-2022-3188614 jun 2022
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending
23RISCO
abrir
Exploit-DB
Confluence Data Center 7.18.0 - Remote Code Execution (RCE)
CVE-2022-26134CRITICALsob ataqueransomware10 jun 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir
Exploit-DB
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
CVE-2021-4642203 jun 2022
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute
60RISCO
abrir
Exploit-DB
Microweber CMS 1.2.15 - Account Takeover
CVE-2022-1631MEDIUM03 jun 2022
Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
33RISCO
abrir
Exploit-DB
SolarView Compact 6.00 - Directory Traversal
CVE-2022-2929803 jun 2022
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
50RISCO
abrir
Exploit-DB
Zyxel USG FLEX 5.21 - OS Command Injection
CVE-2022-30525CRITICALsob ataque03 jun 2022
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
100RISCO
abrir
Exploit-DB
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)
CVE-2020-724625 mai 2022
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir
Exploit-DB
m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-23626HIGH23 mai 2022
Insufficient file checks in m1k1o/blog
41RISCO
abrir
Exploit-DB
SolarView Compact 6.0 - OS Command Injection
CVE-2022-29303CRITICALsob ataque17 mai 2022
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
100RISCO
abrir
Exploit-DB
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
CVE-2022-0967MEDIUM17 mai 2022
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc
33RISCO
abrir
Exploit-DB
SDT-CW3B1 1.1.0 - OS Command Injection
CVE-2021-4642217 mai 2022
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute
60RISCO
abrir
Exploit-DB
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
CVE-2022-2972717 mai 2022
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup param
23RISCO
abrir
Exploit-DB
Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
CVE-2022-2808012 mai 2022
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.
50RISCO
abrir
Exploit-DB
TLR-2005KSH - Arbitrary File Delete
CVE-2021-4642412 mai 2022
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to de
50RISCO
abrir
Exploit-DB
F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
CVE-2022-1388CRITICALsob ataqueransomware12 mai 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
100RISCO
abrir
Exploit-DB
College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
CVE-2022-2807912 mai 2022
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
43RISCO
abrir
Exploit-DB
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
CVE-2021-4316411 mai 2022
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.191
35RISCO
abrir
Exploit-DB
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
CVE-2022-2821311 mai 2022
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does n
28RISCO
abrir
Exploit-DB
DLINK DIR850 - Open Redirect
CVE-2021-4637911 mai 2022
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrust
43RISCO
abrir
Exploit-DB
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706CRITICALsob ataque11 mai 2022
Remote Code Execution Vulnerability in Packaging
100RISCO
abrir
Exploit-DB
WebTareas 2.4 - Blind SQLi (Authenticated)
CVE-2021-4348111 mai 2022
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstag
23RISCO
abrir
Exploit-DB
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-24734HIGH11 mai 2022
Remote code execution in mybb
78RISCO
abrir
anteriorpágina 25 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.