Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
CVE-2024-41358MEDIUM02 dez 2025
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
33RISCO
abrir
Exploit-DB
Piwigo 13.6.0 - SQL Injection
CVE-2023-33362CRITICAL02 dez 2025
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
48RISCO
abrir
Exploit-DB
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
CVE-2022-3766HIGH02 dez 2025
Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
56RISCO
abrir
Exploit-DB
phpIPAM 1.5.1 - SQL Injection
CVE-2023-1211HIGH02 dez 2025
SQL Injection in phpipam/phpipam
41RISCO
abrir
Exploit-DB
Flowise 3.0.4 - Remote Code Execution (RCE)
CVE-2025-59528CRITICAL31 out 2025
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
Exploit-DB
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
CVE-2023-3492729 out 2025
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RISCO
abrir
Exploit-DB
HTMLDOC 1.9.13 - Stack Buffer Overflow
CVE-2021-4357916 set 2025
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim co
23RISCO
abrir
Exploit-DB
HTTP/2 2.0 - Denial Of Service (DOS)
CVE-2023-44487HIGHsob ataque16 set 2025
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISCO
abrir
Exploit-DB
Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)
CVE-2023-3492716 set 2025
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RISCO
abrir
Exploit-DB
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
CVE-2025-24893CRITICALsob ataque16 set 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
Exploit-DB
Mbed TLS 3.6.4 - Use-After-Free
CVE-2025-47917HIGH16 set 2025
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance wit
41RISCO
abrir
Exploit-DB
ClipBucket 5.5.0 - Arbitrary File Upload
CVE-2025-55912HIGH16 set 2025
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in
41RISCO
abrir
Exploit-DB
Tourism Management System 2.0 - Arbitrary Shell Upload
CVE-2025-57642HIGH16 set 2025
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP she
41RISCO
abrir
Exploit-DB
dotCMS 25.07.02-1 - Authenticated Blind SQL Injection
CVE-2025-8311CRITICAL16 set 2025
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpo
48RISCO
abrir
Exploit-DB
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
CVE-2025-6082MEDIUM26 ago 2025
Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
33RISCO
abrir
Exploit-DB
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
CVE-2025-7441CRITICAL26 ago 2025
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
Exploit-DB
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
CVE-2025-26263MEDIUM26 ago 2025
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to cred
33RISCO
abrir
Exploit-DB
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
CVE-2025-26264HIGH26 ago 2025
GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerabili
46RISCO
abrir
Exploit-DB
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
CVE-2025-4427MEDIUMsob ataque26 ago 2025
Authentication Bypass
100RISCO
abrir
Exploit-DB
BigAnt Office Messenger 5.6.06 - SQL Injection
CVE-2024-54761MEDIUM18 ago 2025
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
33RISCO
abrir
Exploit-DB
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
CVE-2024-28623MEDIUM18 ago 2025
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_sec
48RISCO
abrir
Exploit-DB
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
CVE-2025-50154MEDIUM18 ago 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir
Exploit-DB
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
CVE-2025-7766HIGH18 ago 2025
Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
41RISCO
abrir
Exploit-DB
Tenda AC20 16.03.08.12 - Command Injection
CVE-2025-9090MEDIUM18 ago 2025
Tenda AC20 Telnet Service telnet websFormDefine command injection
38RISCO
abrir
Exploit-DB
PHPMyAdmin 3.0 - Bruteforce Login Bypass
CVE-2015-683018 ago 2025
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allo
23RISCO
abrir
Exploit-DB
Grav CMS 1.7.48 - Remote Code Execution (RCE)
CVE-2025-50286HIGH11 ago 2025
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RISCO
abrir
Exploit-DB
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
CVE-2025-2783HIGHsob ataque11 ago 2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISCO
abrir
Exploit-DB
ServiceNow Multiple Versions - Input Validation & Template Injection
CVE-2024-4879CRITICALsob ataque11 ago 2025
Jelly Template Injection Vulnerability in ServiceNow UI Macros
100RISCO
abrir
Exploit-DB
JetBrains TeamCity 2023.11.4 - Authentication Bypass
CVE-2024-27198CRITICALsob ataqueransomware11 ago 2025
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
Exploit-DB
Cisco ISE 3.0 - Remote Code Execution (RCE)
CVE-2025-20124CRITICAL11 ago 2025
Cisco Identity Services Engine Java Deserialization Vulnerability
53RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.