Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
TOTOLINK N300RB 8.54 - Command Execution
CVE-2025-52089HIGH16 jul 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenti
41RISCO
abrir
Exploit-DB
ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
CVE-2025-47228MEDIUM08 jul 2025
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connecti
38RISCO
abrir
Exploit-DB
Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
CVE-2024-50477CRITICAL08 jul 2025
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability
63RISCO
abrir
Exploit-DB
Sudo chroot 1.9.17 - Local Privilege Escalation
CVE-2025-32463CRITICALsob ataque08 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
Exploit-DB
Sudo 1.9.17 Host Option - Elevation of Privilege
CVE-2025-32462LOW08 jul 2025
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allo
28RISCO
abrir
Exploit-DB
Discourse 3.2.x - Anonymous Cache Poisoning
CVE-2024-47773HIGH08 jul 2025
Anonymous cache poisoning via XHR requests in Discourse
41RISCO
abrir
Exploit-DB
Microsoft Outlook - Remote Code Execution (RCE)
CVE-2025-47171MEDIUM08 jul 2025
Microsoft Outlook Remote Code Execution Vulnerability
33RISCO
abrir
Exploit-DB
Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
CVE-2025-47175HIGH08 jul 2025
Microsoft PowerPoint Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
Moodle 4.4.0 - Authenticated Remote Code Execution
CVE-2024-43425HIGH02 jul 2025
Moodle: remote code execution via calculated question types
78RISCO
abrir
Exploit-DB
Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
CVE-2025-47812CRITICALsob ataque02 jul 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
Exploit-DB
gogs 0.13.0 - Remote Code Execution (RCE)
CVE-2024-39930CRITICAL02 jul 2025
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code
48RISCO
abrir
Exploit-DB
Microsoft SharePoint 2019 - NTLM Authentication
CVE-2025-47166HIGH02 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
46RISCO
abrir
Exploit-DB
Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
CVE-2025-49132CRITICAL26 jun 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
Exploit-DB
Sitecore 10.4 - Remote Code Execution (RCE)
CVE-2025-27218MEDIUM26 jun 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through
60RISCO
abrir
Exploit-DB
Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
CVE-2019-9978MEDIUMsob ataque26 jun 2025
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISCO
abrir
Exploit-DB
freeSSHd 1.0.9 - Denial of Service (DoS)
CVE-2024-0723MEDIUM26 jun 2025
freeSSHd denial of service
33RISCO
abrir
Exploit-DB
Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
CVE-2025-47165HIGH26 jun 2025
Microsoft Excel Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
CVE-2024-50562MEDIUM20 jun 2025
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, ve
33RISCO
abrir
Exploit-DB
Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
CVE-2025-47957HIGH20 jun 2025
Microsoft Word Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
CVE-2025-1974CRITICAL20 jun 2025
ingress-nginx admission controller RCE escalation
85RISCO
abrir
Exploit-DB
PCMan FTP Server 2.0.7 - Buffer Overflow
CVE-2025-4255MEDIUM15 jun 2025
PCMan FTP Server RMD Command buffer overflow
33RISCO
abrir
Exploit-DB
PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
CVE-2024-4577CRITICALsob ataqueransomware15 jun 2025
Argument Injection in PHP-CGI
100RISCO
abrir
Exploit-DB
Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
CVE-2025-33073HIGHsob ataque15 jun 2025
Windows SMB Client Elevation of Privilege Vulnerability
83RISCO
abrir
Exploit-DB
Freefloat FTP Server 1.0 - Remote Buffer Overflow
CVE-2025-5548MEDIUM13 jun 2025
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
Exploit-DB
Windows File Explorer Windows 10 Pro x64 - TAR Extraction
CVE-2025-24071MEDIUM13 jun 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir
Exploit-DB
Roundcube 1.6.10 - Remote Code Execution (RCE)
CVE-2025-49113CRITICALsob ataque13 jun 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir
Exploit-DB
ProSSHD 1.2 20090726 - Denial of Service (DoS)
CVE-2024-0725MEDIUM09 jun 2025
ProSSHD denial of service
33RISCO
abrir
Exploit-DB
TightVNC 2.8.83 - Control Pipe Manipulation
CVE-2024-42049CRITICAL09 jun 2025
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
48RISCO
abrir
Exploit-DB
Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
CVE-2025-24076HIGH09 jun 2025
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
41RISCO
abrir
Exploit-DB
Laravel Pulse 1.3.1 - Arbitrary Code Injection
CVE-2024-55661HIGH09 jun 2025
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
46RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.