Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.046exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.079VulnCheck XDB 8.060Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
FortiWeb 8.0.2 - Remote Code Execution
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir ↗Exploit-DB
Fortinet FortiWeb v8.0.1 - Auth Bypass
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir ↗Exploit-DB
Windows Kernel - Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
71RISCO
abrir ↗Exploit-DB
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
Microsoft DWM Core Library Elevation of Privilege Vulnerability
41RISCO
abrir ↗Exploit-DB
Boss Mini v1.4.0 - Local File Inclusion (LFI)
Boss Mini document file inclusion
78RISCO
abrir ↗Exploit-DB
WordPress Backup Migration 1.3.7 - Remote Command Execution
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir ↗Exploit-DB
mailcow 2025-01a - Host Header Password Reset Poisoning
mailcow: dockerized vulnerable to password reset poisoning
41RISCO
abrir ↗Exploit-DB
motionEye 0.43.1b4 - RCE
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISCO
abrir ↗Exploit-DB
Docker Desktop 4.44.3 - Unauthenticated API Exposure
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir ↗Exploit-DB
OctoPrint 1.11.2 - File Upload
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
46RISCO
abrir ↗Exploit-DB
Siklu EtherHaul Series EH-8010 - Remote Command Execution
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and p
48RISCO
abrir ↗Exploit-DB
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
Remote code execution via ND6 Router Advertisements
56RISCO
abrir ↗Exploit-DB
esm-dev 136 - Path Traversal
esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
48RISCO
abrir ↗Exploit-DB
Pluck 4.7.7-dev2 - PHP Code Execution
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute a
23RISCO
abrir ↗Exploit-DB
phpIPAM 1.4 - SQL-Injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
23RISCO
abrir ↗Exploit-DB
Django 5.1.13 - SQL Injection
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RISCO
abrir ↗Exploit-DB
phpMyAdmin 5.0.0 - SQL Injection
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could
35RISCO
abrir ↗Exploit-DB
phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
23RISCO
abrir ↗Exploit-DB
phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
23RISCO
abrir ↗Exploit-DB
OpenRepeater 2.1 - OS Command Injection
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_sy
28RISCO
abrir ↗Exploit-DB
phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
23RISCO
abrir ↗Exploit-DB
openSIS Community Edition 8.0 - SQL Injection
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
23RISCO
abrir ↗Exploit-DB
RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php scrip
23RISCO
abrir ↗Exploit-DB
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc
38RISCO
abrir ↗Exploit-DB
PluckCMS 4.7.10 - Unrestricted File Upload
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_resto
41RISCO
abrir ↗Exploit-DB
MaNGOSWebV4 4.0.6 - Reflected XSS
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
38RISCO
abrir ↗Exploit-DB
MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
MobileDetect Example session_example.php initLayoutType cross site scripting
28RISCO
abrir ↗Exploit-DB
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in yourls/yourls
28RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.