Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.294exploits catalogados
31.742CVEs com exploração pública
0testados em laboratório
19.888 exploits
Referência
CVE-2015-2468
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office fo
28RISCO
abrir
Referência
CVE-2016-0108
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory co
35RISCO
abrir
Referência
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RISCO
abrir
Referência
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RISCO
abrir
Referência
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RISCO
abrir
Referência
CVE-2010-0467
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attac
50RISCO
abrir
Referência
CVE-2016-0168
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012
35RISCO
abrir
Referência
CVE-2016-0169
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012
35RISCO
abrir
Referência
CVE-2017-0061
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and
35RISCO
abrir
Referência
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
50RISCO
abrir
Referência
CVE-2013-3629
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
50RISCO
abrir
Referência
Microsoft Windows Wordpad - '.doc' File Local Denial of Service (PoC)
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows r
35RISCO
abrir
Referência
CVE-2014-7235
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9,
35RISCO
abrir
Referência
CVE-2014-7235
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9,
35RISCO
abrir
Referência
CVE-2018-3811
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthentica
35RISCO
abrir
Referência
CVE-2017-16651
CVE-2017-16651HIGHsob ataque
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary file
98RISCO
abrir
Referência
CVE-2014-1610
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is
50RISCO
abrir
Referência
CVE-2022-4060
User Post Gallery <= 2.19 - Unauthenticated RCE
75RISCO
abrir
Referência
CVE-2017-6526
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution throug
50RISCO
abrir
Referência
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1
50RISCO
abrir
Referência
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1
50RISCO
abrir
Referência
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1
50RISCO
abrir
Referência
UltraISO 9.3.3.2685 - CCD/IMG Universal Buffer Overflow
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of ser
50RISCO
abrir
Referência
CVE-2018-0114
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker
35RISCO
abrir
Referência32
CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
60RISCO
abrir
Referência
CVE-2025-64155-hunter
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
60RISCO
abrir
Referência
CVE-2016-4232
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632
35RISCO
abrir
Referência
CVE-2011-3490
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to
35RISCO
abrir
Referência
TikiWiki 1.9 Sirius - 'jhot.php' Remote Command Execution
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execu
50RISCO
abrir
Referência
CVE-2018-5767
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code
35RISCO
abrir
anteriorpágina 71 / 663próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.