Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.044exploits catalogados
31.616CVEs com exploração pública
0testados em laboratório
8.060 exploits
VulnCheck XDB
client-side
CVE-2024-21413CRITICALsob ataque04 jul 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL04 jul 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-12615HIGHsob ataqueransomware03 jul 2026
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-8451HIGH03 jul 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2024-1561HIGH03 jul 2026
Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
56RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-52813CRITICAL02 jul 2026
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-8451HIGH02 jul 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-27877HIGHsob ataqueransomware02 jul 2026
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48558CRITICAL02 jul 2026
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque02 jul 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALsob ataque02 jul 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2026-56011HIGH01 jul 2026
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque01 jul 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL01 jul 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL01 jul 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
VulnCheck XDB
initial-access
CVE-2020-5902CRITICALsob ataqueransomware01 jul 2026
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-4020HIGH30 jun 2026
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
68RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-8451HIGH30 jun 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2012-1823CRITICALsob ataque30 jun 2026
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISCO
abrir
VulnCheck XDB
local
CVE-2019-2215HIGHsob ataque30 jun 2026
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque30 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-55255HIGH30 jun 2026
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware29 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-28496CRITICAL29 jun 2026
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-20253CRITICALsob ataque29 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
VulnCheck XDB
local
CVE-2023-4911HIGHsob ataque29 jun 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-3864629 jun 2026
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALsob ataque29 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.