Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
8.069 exploits
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware31 jan 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque30 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
local
CVE-2026-21858CRITICAL30 jan 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-40554CRITICAL29 jan 2026
SolarWinds Web Help Desk Authentication Bypass Vulnerability
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2019-11707HIGHsob ataque29 jan 2026
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RISCO
abrir
VulnCheck XDB
info-leak
CVE-2025-5419HIGHsob ataque29 jan 2026
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl
71RISCO
abrir
VulnCheck XDB
info-leak
CVE-2017-7921CRITICALsob ataque28 jan 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-2449928 jan 2026
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque28 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-0920CRITICAL28 jan 2026
LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque28 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque27 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque27 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque27 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-25253HIGH27 jan 2026
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically mak
41RISCO
abrir
VulnCheck XDB
client-side
CVE-2026-21509HIGHsob ataque27 jan 2026
Microsoft Office Security Feature Bypass Vulnerability
93RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware27 jan 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque27 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2024-50498CRITICAL27 jan 2026
WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
75RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALsob ataque27 jan 2026
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2009-310326 jan 2026
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Window
60RISCO
abrir
VulnCheck XDB
local
CVE-2023-3881726 jan 2026
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to th
23RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALsob ataque26 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALsob ataque26 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALsob ataque26 jan 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
VulnCheck XDB
local
CVE-2015-2291HIGHsob ataqueransomware25 jan 2026
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows all
71RISCO
abrir
VulnCheck XDB
initial-access
CVE-2019-9978MEDIUMsob ataque25 jan 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-20045HIGHsob ataque25 jan 2026
Cisco Unified Communications Products Remote Code Execution Vulnerability
71RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALsob ataque25 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALsob ataque25 jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
anteriorpágina 36 / 269próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.