Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.810 exploits
Referência
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir ↗Referência
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RISCO
abrir ↗Referência
CVE-2023-4911
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir ↗Referência
CVE-2023-4911
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir ↗Referência
glibc 2.38 - Buffer Overflow
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir ↗Referência
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
60RISCO
abrir ↗Referência
CVE-2017-0070
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling object
45RISCO
abrir ↗Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir ↗Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir ↗Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir ↗Referência★ 34
CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
85RISCO
abrir ↗Referência
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RISCO
abrir ↗Referência
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RISCO
abrir ↗Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RISCO
abrir ↗Referência
CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
50RISCO
abrir ↗Referência
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISCO
abrir ↗Referência
TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RISCO
abrir ↗Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir ↗Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir ↗Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir ↗Referência
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RISCO
abrir ↗Referência
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RISCO
abrir ↗Referência
CVE-2013-1347
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.