Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
19.810 exploits
Referência
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a deni
60RISCO
abrir
Referência
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote att
60RISCO
abrir
Referência
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote att
60RISCO
abrir
Referência
CVE-2021-24862
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RISCO
abrir
Referência
CVE-2016-7202
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute a
45RISCO
abrir
Referência
CVE-2016-7202
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute a
45RISCO
abrir
Referência
CVE-2011-5007
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB
60RISCO
abrir
Referência
CVE-2017-1000028
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RISCO
abrir
Referência
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the
45RISCO
abrir
Referência
Philex 0.2.3 - Remote File Inclusion / File Disclosure
PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute
45RISCO
abrir
Referência
CVE-2014-3804
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a
60RISCO
abrir
Referência
CVE-2019-13720
CVE-2019-13720HIGHsob ataque
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap
93RISCO
abrir
Referência
CVE-2025-2776
CVE-2025-2776CRITICALsob ataque
SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
100RISCO
abrir
Referência
CVE-2016-1744
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary co
23RISCO
abrir
Referência
CVE-2020-5741
CVE-2020-5741HIGHsob ataque
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arb
100RISCO
abrir
Referência
CVE-2021-4045
TP-LINK Tapo C200 remote code execution vulnerability
70RISCO
abrir
Referência
CVE-2006-0992
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute ar
60RISCO
abrir
Referência
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions pri
60RISCO
abrir
Referência
CVE-2017-6326
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an i
60RISCO
abrir
Referência
CVE-2014-6038
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerabili
60RISCO
abrir
Referência
Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
Referência
CVE-2018-7251
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contain
60RISCO
abrir
Referência
CVE-2019-1429
CVE-2019-1429HIGHsob ataque
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISCO
abrir
Referência
CVE-2014-3914
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows
60RISCO
abrir
Referência
CVE-2017-6316
CVE-2017-6316CRITICALsob ataque
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r
100RISCO
abrir
Referência
CVE-2017-6316
CVE-2017-6316CRITICALsob ataque
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r
100RISCO
abrir
Referência
CVE-2018-7841
CVE-2018-7841CRITICALsob ataque
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code
100RISCO
abrir
Referência
CVE-2022-20699
CVE-2022-20699CRITICALsob ataque
Cisco Small Business RV Series Routers Vulnerabilities
100RISCO
abrir
Referência
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authe
60RISCO
abrir
Referência
CVE-2021-25296
CVE-2021-25296HIGHsob ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir
anteriorpágina 35 / 661próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.