Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
19.791 exploits
Referência
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir ↗Referência
CVE-2026-9377
SourceCodester SUP Online Shopping productedit.php cross site scripting
33RISCO
abrir ↗Referência
CVE-2026-23760
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
100RISCO
abrir ↗Referência
CVE-2012-2122
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x befor
60RISCO
abrir ↗Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISCO
abrir ↗Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISCO
abrir ↗Referência
CVE-2022-24112
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISCO
abrir ↗Referência
CVE-2022-24112
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RISCO
abrir ↗Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configura
93RISCO
abrir ↗Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISCO
abrir ↗Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISCO
abrir ↗Referência
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISCO
abrir ↗Referência
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISCO
abrir ↗Referência
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISCO
abrir ↗Referência
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISCO
abrir ↗Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RISCO
abrir ↗Referência
CVE-2014-3871
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds
23RISCO
abrir ↗Referência
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISCO
abrir ↗Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISCO
abrir ↗Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISCO
abrir ↗Referência
CVE-2026-7228
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection
33RISCO
abrir ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir ↗Referência
CVE-2019-1652
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir ↗Referência
CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.