Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
Strapi 3.0.0-beta - Set Password (Unauthenticated)
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir ↗Exploit-DB
HP OfficeJet 4630/7110 MYM1FN2025AR/2117A - Stored Cross-Site Scripting (XSS)
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross
23RISCO
abrir ↗Exploit-DB
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrar
28RISCO
abrir ↗Exploit-DB
SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to
23RISCO
abrir ↗Exploit-DB
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workfl
35RISCO
abrir ↗Exploit-DB
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RISCO
abrir ↗Exploit-DB
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
60RISCO
abrir ↗Exploit-DB
Xiaomi browser 10.2.4.g - Browser Search History Disclosure
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider
28RISCO
abrir ↗Exploit-DB
Amica Prodigy 1.7 - Privilege Escalation
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Serv
23RISCO
abrir ↗Exploit-DB
CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while
23RISCO
abrir ↗Exploit-DB
qdPM 9.1 - Remote Code Execution (Authenticated)
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir ↗Exploit-DB
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RISCO
abrir ↗Exploit-DB
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF)
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute
23RISCO
abrir ↗Exploit-DB
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters.
28RISCO
abrir ↗Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution (2)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RISCO
abrir ↗Exploit-DB
ElasticSearch 7.13.3 - Memory disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISCO
abrir ↗Exploit-DB
Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's ru
35RISCO
abrir ↗Exploit-DB
WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RISCO
abrir ↗Exploit-DB
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQ
23RISCO
abrir ↗Exploit-DB
Aruba Instant 8.7.1.0 - Arbitrary File Modification
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
28RISCO
abrir ↗Exploit-DB
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pa
100RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s
28RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in ve
43RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in ve
35RISCO
abrir ↗Exploit-DB
Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISCO
abrir ↗Exploit-DB
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
78RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
28RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
28RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products
28RISCO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.