Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.810 exploits
Referência
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RISCO
abrir ↗Referência
CVE-2018-18982
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RISCO
abrir ↗Referência
PHP-Nuke 8.0 Final - HTTP Referers SQL Injection
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" blo
35RISCO
abrir ↗Referência
CVE-2015-7603
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via
50RISCO
abrir ↗Referência
CVE-2013-4074
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RISCO
abrir ↗Referência
CVE-2013-4074
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RISCO
abrir ↗Referência
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres
45RISCO
abrir ↗Referência
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, contro
50RISCO
abrir ↗Referência
CVE-2012-4333
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
50RISCO
abrir ↗Referência
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as
100RISCO
abrir ↗Referência
CVE-2017-5941
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RISCO
abrir ↗Referência
CVE-2017-5941
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RISCO
abrir ↗Referência
CVE-2025-40553
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
60RISCO
abrir ↗Referência
CVE-2021-24499
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISCO
abrir ↗Referência
CVE-2017-15222
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RISCO
abrir ↗Referência
CVE-2017-15222
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RISCO
abrir ↗Referência
CVE-2017-15222
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RISCO
abrir ↗Referência
CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of
35RISCO
abrir ↗Referência
XLAtunes 0.1 - 'album' SQL Injection
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL com
23RISCO
abrir ↗Referência
CVE-2019-17662
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISCO
abrir ↗Referência
CVE-2010-2333
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RISCO
abrir ↗Referência
CVE-2020-3250
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
75RISCO
abrir ↗Referência
CVE-2011-0257
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a deni
50RISCO
abrir ↗Referência
AnyInventory 2.0 - 'Environment.php' Remote File Inclusion
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabl
35RISCO
abrir ↗Referência
CVE-2014-10021
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote
50RISCO
abrir ↗Referência
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be inje
35RISCO
abrir ↗Referência
CVE-2017-11841
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, versio
35RISCO
abrir ↗Referência
CVE-2017-11870
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the
35RISCO
abrir ↗Referência
CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of
35RISCO
abrir ↗Referência
CVE-2018-7314
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerabil
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.