Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
19.810 exploits
Referência
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir
Referência
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir
Referência
CVE-2023-4911
CVE-2023-4911HIGHsob ataque
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir
Referência
CVE-2023-4911
CVE-2023-4911HIGHsob ataque
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir
Referência
glibc 2.38 - Buffer Overflow
CVE-2023-4911HIGHsob ataque
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir
Referência
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
60RISCO
abrir
Referência
CVE-2017-0070
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling object
45RISCO
abrir
Referência
CVE-2021-39312
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RISCO
abrir
Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir
Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir
Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir
Referência
CVE-2021-1732
CVE-2021-1732HIGHsob ataqueransomware
Windows Win32k Elevation of Privilege Vulnerability
100RISCO
abrir
Referência
CVE-2021-1732
CVE-2021-1732HIGHsob ataqueransomware
Windows Win32k Elevation of Privilege Vulnerability
100RISCO
abrir
Referência34
CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
85RISCO
abrir
Referência
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RISCO
abrir
Referência
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RISCO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir
Referência
CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
50RISCO
abrir
Referência
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISCO
abrir
Referência
TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISCO
abrir
Referência
CVE-2019-9851
LibreLogo global-event script execution
60RISCO
abrir
Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir
Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir
Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir
Referência
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RISCO
abrir
Referência
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RISCO
abrir
Referência
CVE-2013-1347
CVE-2013-1347HIGHsob ataque
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
100RISCO
abrir
anteriorpágina 30 / 661próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.