Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.467 exploits
Exploit-DB
phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
33RISCO
abrir ↗Exploit-DB
Piwigo 13.6.0 - SQL Injection
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
48RISCO
abrir ↗Exploit-DB
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
56RISCO
abrir ↗Exploit-DB
Flowise 3.0.4 - Remote Code Execution (RCE)
Flowise has Remote Code Execution vulnerability
85RISCO
abrir ↗Exploit-DB
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RISCO
abrir ↗Exploit-DB
HTMLDOC 1.9.13 - Stack Buffer Overflow
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim co
23RISCO
abrir ↗Exploit-DB
HTTP/2 2.0 - Denial Of Service (DOS)
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISCO
abrir ↗Exploit-DB
Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RISCO
abrir ↗Exploit-DB
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗Exploit-DB
Mbed TLS 3.6.4 - Use-After-Free
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance wit
41RISCO
abrir ↗Exploit-DB
ClipBucket 5.5.0 - Arbitrary File Upload
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in
41RISCO
abrir ↗Exploit-DB
Tourism Management System 2.0 - Arbitrary Shell Upload
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP she
41RISCO
abrir ↗Exploit-DB
dotCMS 25.07.02-1 - Authenticated Blind SQL Injection
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpo
48RISCO
abrir ↗Exploit-DB
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
33RISCO
abrir ↗Exploit-DB
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗Exploit-DB
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to cred
33RISCO
abrir ↗Exploit-DB
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerabili
46RISCO
abrir ↗Exploit-DB
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
Authentication Bypass
100RISCO
abrir ↗Exploit-DB
BigAnt Office Messenger 5.6.06 - SQL Injection
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
33RISCO
abrir ↗Exploit-DB
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_sec
48RISCO
abrir ↗Exploit-DB
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir ↗Exploit-DB
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
41RISCO
abrir ↗Exploit-DB
Tenda AC20 16.03.08.12 - Command Injection
Tenda AC20 Telnet Service telnet websFormDefine command injection
38RISCO
abrir ↗Exploit-DB
PHPMyAdmin 3.0 - Bruteforce Login Bypass
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allo
23RISCO
abrir ↗Exploit-DB
Grav CMS 1.7.48 - Remote Code Execution (RCE)
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RISCO
abrir ↗Exploit-DB
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISCO
abrir ↗Exploit-DB
ServiceNow Multiple Versions - Input Validation & Template Injection
Jelly Template Injection Vulnerability in ServiceNow UI Macros
100RISCO
abrir ↗Exploit-DB
JetBrains TeamCity 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗Exploit-DB
Cisco ISE 3.0 - Remote Code Execution (RCE)
Cisco Identity Services Engine Java Deserialization Vulnerability
53RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.