Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.159exploits catalogados
31.683CVEs com exploração pública
0testados em laboratório
19.841 exploits
Referência
MKPortal NoBoard Module (Beta) - Remote File Inclusion
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attack
35RISCO
abrir
Referência
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the
68RISCO
abrir
Referência
CVE-2017-16249
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST requ
50RISCO
abrir
Referência
CVE-2017-16249
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST requ
50RISCO
abrir
Referência
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISCO
abrir
Referência
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISCO
abrir
Referência
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISCO
abrir
Referência
CVE-2015-1172
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 a
50RISCO
abrir
Referência
Avahi < 0.6.24 - mDNS Daemon Remote Denial of Service
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 al
50RISCO
abrir
Referência
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISCO
abrir
Referência
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISCO
abrir
Referência
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISCO
abrir
Referência
Racer 0.5.3 Beta 5 - Remote Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbit
50RISCO
abrir
Referência
CVE-2022-2143
Advantech iView
75RISCO
abrir
Referência
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privilege
50RISCO
abrir
Referência
Dayfox Blog 4 - 'postpost.php' Remote Code Execution
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute
35RISCO
abrir
Referência
CVE-2016-9796
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP pro
28RISCO
abrir
Referência
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privilege
50RISCO
abrir
Referência
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Prof
50RISCO
abrir
Referência
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Prof
50RISCO
abrir
Referência
Microsoft Windows - SmbRelay3 NTLM Replay (MS08-068)
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 20
50RISCO
abrir
Referência
CVE-2025-34030
sar2html OS Command Injection
75RISCO
abrir
Referência
CVE-2020-3187
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RISCO
abrir
Referência
CVE-2008-2463
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snaps
50RISCO
abrir
Referência
CVE-2017-17562
CVE-2017-17562HIGHsob ataque
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISCO
abrir
Referência
CVE-2018-6065
CVE-2018-6065HIGHsob ataque
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Ch
83RISCO
abrir
Referência
ASP.NET w3wp - COM Components Remote Crash
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM com
35RISCO
abrir
Referência
CVE-2021-33393
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISCO
abrir
Referência
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary
50RISCO
abrir
Referência
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary
50RISCO
abrir
anteriorpágina 54 / 662próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.