Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.841 exploits
Referência
CVE-2019-15276
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
53RISCO
abrir ↗Referência
CVE-2023-6875
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
85RISCO
abrir ↗Referência
BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arb
35RISCO
abrir ↗Referência
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows r
35RISCO
abrir ↗Referência
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows r
35RISCO
abrir ↗Referência
CVE-2013-5036
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter t
50RISCO
abrir ↗Referência
CVE-2017-11903
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Se
35RISCO
abrir ↗Referência
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RISCO
abrir ↗Referência
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RISCO
abrir ↗Referência
Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Manage
35RISCO
abrir ↗Referência
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats para
60RISCO
abrir ↗Referência
CVE-2010-4749
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to
23RISCO
abrir ↗Referência
CVE-2012-6530
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users w
50RISCO
abrir ↗Referência
CVE-2018-10201
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible t
50RISCO
abrir ↗Referência
CVE-2021-27964
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Con
50RISCO
abrir ↗Referência
CVE-2014-2671
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corrupt
35RISCO
abrir ↗Referência
CVE-2014-2671
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corrupt
35RISCO
abrir ↗Referência
CVE-2018-20470
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerab
50RISCO
abrir ↗Referência
DFD Cart 1.1 - Multiple Remote File Inclusions
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allo
35RISCO
abrir ↗Referência
Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, Rea
50RISCO
abrir ↗Referência
CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
35RISCO
abrir ↗Referência
CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
35RISCO
abrir ↗Referência
Microsoft DirectX SAMI File Parsing - Remote Stack Overflow
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for
50RISCO
abrir ↗Referência
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header i
35RISCO
abrir ↗Referência
ShoutPro 1.5.2 - 'shout.php' Remote Code Injection
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary
35RISCO
abrir ↗Referência
CVE-2011-5171
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to e
50RISCO
abrir ↗Referência
FeedMon 2.7.0.0 - outline Tag Buffer Overflow (PoC)
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbi
50RISCO
abrir ↗Referência
feedDemon 2.7 - OPML Outline Tag Buffer Overflow
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbi
50RISCO
abrir ↗Referência
Opera 9.60 - Persistent Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary w
50RISCO
abrir ↗Referência
CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.