Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
19.841 exploits
Referência
Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit)
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1
50RISCO
abrir
Referência
CVE-2019-17503
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RISCO
abrir
Referência
CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RISCO
abrir
Referência
CVE-2015-5134
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linu
35RISCO
abrir
Referência
CVE-2015-5127
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linu
35RISCO
abrir
Referência
CVE-2023-28252
CVE-2023-28252HIGHsob ataqueransomware
Windows Common Log File System Driver Elevation of Privilege Vulnerability
98RISCO
abrir
Referência
Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to ex
50RISCO
abrir
Referência
Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to ex
50RISCO
abrir
Referência
CVE-2017-11793
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Window
35RISCO
abrir
Referência
CVE-2011-0514
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash)
50RISCO
abrir
Referência
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISCO
abrir
Referência
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISCO
abrir
Referência
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISCO
abrir
Referência
ACDSee 9.0 - '.xpm' Local Buffer Overflow
Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build
50RISCO
abrir
Referência
Eznet 3.5.0 - Remote Stack Overflow / Denial of Service
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare
35RISCO
abrir
Referência
PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BE
35RISCO
abrir
Referência
CVE-2016-0170
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012
35RISCO
abrir
Referência
CVE-2020-16009
CVE-2020-16009HIGHsob ataque
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially expl
83RISCO
abrir
Referência
CVE-2018-14392
The New Threads plugin before 1.2 for MyBB has XSS.
35RISCO
abrir
Referência
BASE 1.2.4 - melissa Snort Frontend Remote File Inclusion
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_gl
50RISCO
abrir
Referência
CVE-2013-2568
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless
35RISCO
abrir
Referência
CVE-2023-4547
SPA-Cart eCommerce CMS search cross site scripting
55RISCO
abrir
Referência
CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate pe
50RISCO
abrir
Referência
CVE-2021-40875
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RISCO
abrir
Referência
CVE-2009-0182
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in
50RISCO
abrir
Referência
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the t
75RISCO
abrir
Referência
CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities.
60RISCO
abrir
Referência
WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordP
50RISCO
abrir
Referência
CVE-2012-2110
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before
35RISCO
abrir
Referência
CVE-2013-3563
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a de
50RISCO
abrir
anteriorpágina 64 / 662próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.