Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
8.069 exploits
VulnCheck XDB
initial-access
CVE-2026-0770CRITICAL24 fev 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2025-47812CRITICALsob ataque24 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALsob ataqueransomware24 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-32433CRITICALsob ataque24 fev 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALsob ataqueransomware24 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-2441HIGHsob ataque23 fev 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-47539CRITICAL23 fev 2026
WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2024-53704HIGHsob ataqueransomware23 fev 2026
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authe
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-31161CRITICALsob ataqueransomware23 fev 2026
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware23 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-47812CRITICALsob ataque22 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-32463CRITICALsob ataque22 fev 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALsob ataqueransomware22 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
VulnCheck XDB
local
CVE-2025-6019HIGH22 fev 2026
Libblockdev: lpe from allow_active to root in libblockdev via udisks
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALsob ataqueransomware22 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-68645HIGHsob ataque21 fev 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-49132CRITICAL21 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2022-26923HIGHsob ataque21 fev 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir
VulnCheck XDB
local
CVE-2022-37969HIGHsob ataque20 fev 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-3129CRITICALsob ataqueransomware20 fev 2026
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-1405CRITICAL20 fev 2026
Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload
63RISCO
abrir
VulnCheck XDB
local
CVE-2022-24521HIGHsob ataqueransomware19 fev 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
71RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-71243CRITICAL19 fev 2026
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-1281CRITICALsob ataque19 fev 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2014-6271CRITICALsob ataque19 fev 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2026-2441HIGHsob ataque19 fev 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-1340CRITICALsob ataque19 fev 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-47812CRITICALsob ataque19 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2024-25600CRITICAL18 fev 2026
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-1731CRITICALsob ataqueransomware18 fev 2026
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
100RISCO
abrir
anteriorpágina 32 / 269próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.