Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.841 exploits
Referência
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISCO
abrir ↗Referência
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISCO
abrir ↗Referência
C6 Messenger - ActiveX Remote Download and Execute
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force
50RISCO
abrir ↗Referência
CVE-2019-15984
Cisco Data Center Network Manager SQL Injection Vulnerabilities
53RISCO
abrir ↗Referência
CVE-2021-39608
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a rem
35RISCO
abrir ↗Referência
CVE-2015-6127
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers t
50RISCO
abrir ↗Referência
Segue CMS 1.8.4 - 'index.php' Remote File Inclusion
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled,
35RISCO
abrir ↗Referência
CVE-2011-0096
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Wind
45RISCO
abrir ↗Referência
CVE-2010-2590
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753
50RISCO
abrir ↗Referência
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISCO
abrir ↗Referência
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISCO
abrir ↗Referência
CVE-2011-3368
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does
60RISCO
abrir ↗Referência
CVE-2014-0282
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service
35RISCO
abrir ↗Referência
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vi
35RISCO
abrir ↗Referência
Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vi
35RISCO
abrir ↗Referência
PHPSiteBackup 0.1 - 'pcltar.lib.php' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vi
35RISCO
abrir ↗Referência
WordPress Plugin BackUpWordPress 0.4.2b - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow
35RISCO
abrir ↗Referência
CVE-2017-0084
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server
35RISCO
abrir ↗Referência
CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever
50RISCO
abrir ↗Referência
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary fil
83RISCO
abrir ↗Referência
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary fil
83RISCO
abrir ↗Referência
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are
83RISCO
abrir ↗Referência
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expect
50RISCO
abrir ↗Referência
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISCO
abrir ↗Referência
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISCO
abrir ↗Referência
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISCO
abrir ↗Referência
Vortex Portal 1.0.42 - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary P
35RISCO
abrir ↗Referência
CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir ↗Referência
CVE-2014-9195
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
85RISCO
abrir ↗Referência
CVE-2018-7719
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.