Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.107VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad
23RISCO
abrir ↗Exploit-DB
CoreFTP Server build 725 - Directory Traversal (Authenticated)
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP
23RISCO
abrir ↗Exploit-DB
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RISCO
abrir ↗Exploit-DB
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
50RISCO
abrir ↗Exploit-DB
Automox Agent 32 - Local Privilege Escalation
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
23RISCO
abrir ↗Exploit-DB
ConnectWise Control 19.2.24707 - Username Enumeration
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumer
28RISCO
abrir ↗Exploit-DB
Nettmp NNT 5.1 - SQLi Authentication Bypass
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel
23RISCO
abrir ↗Exploit-DB
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScrip
23RISCO
abrir ↗Exploit-DB
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
Gerapy may contain remote code execution vulnerability
60RISCO
abrir ↗Exploit-DB
Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication reques
43RISCO
abrir ↗Exploit-DB
Apache Log4j 2 - Remote Code Execution (RCE)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Exploit-DB
Apache Log4j2 2.14.1 - Information Disclosure
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Exploit-DB
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitra
28RISCO
abrir ↗Exploit-DB
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_L
50RISCO
abrir ↗Exploit-DB
WebHMI 4.0 - Remote Code Execution (RCE) (Authenticated)
Distributed Data Systems WebHM
60RISCO
abrir ↗Exploit-DB
Raspberry Pi 5.10 - Default Credentials
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain a
28RISCO
abrir ↗Exploit-DB
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
Grafana path traversal
100RISCO
abrir ↗Exploit-DB
Student Management System 1.0 - SQLi Authentication Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (
28RISCO
abrir ↗Exploit-DB
Croogo 3.0.2 - Remote Code Execution (Authenticated)
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malic
23RISCO
abrir ↗Exploit-DB
Auerswald COMpact 8.0B - Multiple Backdoors
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web
60RISCO
abrir ↗Exploit-DB
WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Dislosure
68RISCO
abrir ↗Exploit-DB
Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP an
23RISCO
abrir ↗Exploit-DB
Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISCO
abrir ↗Exploit-DB
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumsta
50RISCO
abrir ↗Exploit-DB
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISCO
abrir ↗Exploit-DB
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
38RISCO
abrir ↗Exploit-DB
Online Learning System 2.0 - Remote Code Execution (RCE)
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/adm
23RISCO
abrir ↗Exploit-DB
Simple Subscription Website 1.0 - SQLi Authentication Bypass
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
23RISCO
abrir ↗Exploit-DB
WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)
WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.