Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
19.791 exploits
Referência
CVE-2026-9815
MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
33RISCO
abrir
Referência
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir
Referência
CVE-2026-8383
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
48RISCO
abrir
Referência
CVE-2026-8089
weMail < 2.1.3 - Reflected Cross-Site Scripting
41RISCO
abrir
Referência
CVE-2026-55706
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values f
33RISCO
abrir
Referência
CVE-2025-54236
CVE-2025-54236CRITICALsob ataque
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir
Referência
CVE-2021-22502
CVE-2021-22502CRITICALsob ataque
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISCO
abrir
Referência
CVE-2025-20281
CVE-2025-20281CRITICALsob ataque
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
100RISCO
abrir
Referência
CVE-2025-25257
CVE-2025-25257CRITICALsob ataque
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir
Referência64
FortiWeb CVE-2025-25257 exploit
CVE-2025-25257CRITICALsob ataque
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir
Referência
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
CVE-2025-25257CRITICALsob ataque
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir
Referência
CVE-2020-25223
CVE-2020-25223CRITICALsob ataque
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RISCO
abrir
Referência
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISCO
abrir
Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISCO
abrir
Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir
Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir
Referência
CVE-2023-33246
CVE-2023-33246CRITICALsob ataque
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir
Referência
CVE-2023-33246
CVE-2023-33246CRITICALsob ataque
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir
Referência104
CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit
CVE-2023-33246CRITICALsob ataque
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RISCO
abrir
Referência
CVE-2009-0927
CVE-2009-0927HIGHsob ataque
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows r
100RISCO
abrir
Referência
CVE-2023-46747
CVE-2023-46747CRITICALsob ataqueransomware
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RISCO
abrir
Referência
CVE-2020-8260
CVE-2020-8260HIGHsob ataque
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RISCO
abrir
Referência
CVE-2020-11651
CVE-2020-11651CRITICALsob ataque
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
Referência
CVE-2020-11651
CVE-2020-11651CRITICALsob ataque
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
Referência
CVE-2017-17562
CVE-2017-17562HIGHsob ataque
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISCO
abrir
Referência
CVE-2026-7229
code-projects Coaching Management System POST reply.php sql injection
33RISCO
abrir
Referência
CVE-2018-20250
CVE-2018-20250HIGHsob ataqueransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir
Referência
CVE-2018-20250
CVE-2018-20250HIGHsob ataqueransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir
Referência
CVE-2018-20250
CVE-2018-20250HIGHsob ataqueransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir
Referência
CVE-2021-25298
CVE-2021-25298HIGHsob ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.