Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
19.791 exploits
Referência
CVE-2017-12477
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xin
50RISCO
abrir
Referência
CVE-2017-6077
CVE-2017-6077CRITICALsob ataque
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitra
90RISCO
abrir
Referência
CVE-2011-0654
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in
50RISCO
abrir
Referência
CVE-2017-11809
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker
35RISCO
abrir
Referência
SerWeb 0.9.4 - 'load_lang.php' Remote File Inclusion
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to exe
35RISCO
abrir
Referência
linksnet newsfeed 1.0 - Remote File Inclusion
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to
35RISCO
abrir
Referência
CVE-2008-5180
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of ser
45RISCO
abrir
Referência
Microsoft Office - Communicator 'SIP' Remote Denial of Service
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of ser
45RISCO
abrir
Referência
CVE-2016-3088
CVE-2016-3088CRITICALsob ataque
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2025-2747
CVE-2025-2747CRITICALsob ataque
Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
100RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISCO
abrir
Referência
CVE-2024-28000
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
75RISCO
abrir
Referência
Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
75RISCO
abrir
Referência
CVE-2025-2747
CVE-2025-2747CRITICALsob ataque
Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
100RISCO
abrir
Referência
CVE-2018-0775
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due t
35RISCO
abrir
Referência
CVE-2018-0774
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due t
35RISCO
abrir
Referência
CVE-2019-18426
CVE-2019-18426HIGHsob ataque
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.
83RISCO
abrir
Referência
PHP::HTML 0.6.4 - 'PHPhtml.php' Remote File Inclusion
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute
35RISCO
abrir
Referência
XOOPS Module XT-Conteudo - 'spaw_root' Remote File Inclusion
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows
35RISCO
abrir
Referência
CVE-2010-1554
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows r
50RISCO
abrir
Referência
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2
35RISCO
abrir
Referência
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read
50RISCO
abrir
anteriorpágina 43 / 660próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.