Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
8.069 exploits
VulnCheck XDB
client-side
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically mak
41RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
Windows SMB Client Elevation of Privilege Vulnerability
83RISCO
abrir ↗VulnCheck XDB
initial-access
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir ↗VulnCheck XDB
initial-access
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISCO
abrir ↗VulnCheck XDB
initial-access
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗VulnCheck XDB
initial-access
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RISCO
abrir ↗VulnCheck XDB
initial-access
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
63RISCO
abrir ↗VulnCheck XDB
denial-of-service
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗VulnCheck XDB
initial-access
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to
23RISCO
abrir ↗VulnCheck XDB
local
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RISCO
abrir ↗VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir ↗VulnCheck XDB
initial-access
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
63RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir ↗VulnCheck XDB
initial-access
BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass
48RISCO
abrir ↗VulnCheck XDB
initial-access
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir ↗VulnCheck XDB
initial-access
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISCO
abrir ↗VulnCheck XDB
info-leak
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RISCO
abrir ↗VulnCheck XDB
initial-access
Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISCO
abrir ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗VulnCheck XDB
client-side
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISCO
abrir ↗VulnCheck XDB
initial-access
MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.