Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.166exploits catalogados
31.689CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.135VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.841 exploits
Referência
CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow re
50RISCO
abrir ↗Referência
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description fiel
35RISCO
abrir ↗Referência
CVE-2018-0780
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtai
35RISCO
abrir ↗Referência
phpRealty 0.02 - 'MGR' Multiple Remote File Inclusions
Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP cod
35RISCO
abrir ↗Referência
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers t
35RISCO
abrir ↗Referência
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers t
35RISCO
abrir ↗Referência
CVE-2015-7601
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RISCO
abrir ↗Referência
CVE-2015-7601
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RISCO
abrir ↗Referência
CVE-2018-6605
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, get
50RISCO
abrir ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISCO
abrir ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISCO
abrir ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISCO
abrir ↗Referência
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISCO
abrir ↗Referência
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RISCO
abrir ↗Referência
CVE-2009-2485
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a
50RISCO
abrir ↗Referência
HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as u
35RISCO
abrir ↗Referência
XMPlay 3.3.0.4 - '.M3U' Filename Local Buffer Overflow
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via
50RISCO
abrir ↗Referência
CVE-2017-8618
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server
35RISCO
abrir ↗Referência
CVE-2012-4177
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -
50RISCO
abrir ↗Referência
CVE-2025-2746
Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
100RISCO
abrir ↗Referência
CVE-2025-2746
Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
100RISCO
abrir ↗Referência
CVE-2021-46381
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd]
50RISCO
abrir ↗Referência
eNetman 20050830 - 'index.php' Remote File Inclusion
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code
35RISCO
abrir ↗Referência
CVE-2022-30075
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RISCO
abrir ↗Referência
CVE-2018-12634
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/lo
50RISCO
abrir ↗Referência
CVE-2019-10475
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML
50RISCO
abrir ↗Referência
CVE-2016-6515
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
35RISCO
abrir ↗Referência
CVE-2016-6515
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
35RISCO
abrir ↗Referência
CVE-2016-3078
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denia
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.