Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
Reflected XSS in wordpress plugin pondol-formmail v1.1
18RISCO
abrir ↗Nucleimedium
WordPress S3 Video <=0.983 - Cross-Site Scripting
Reflected XSS in wordpress plugin s3-video v0.983
18RISCO
abrir ↗Nucleimedium
WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
18RISCO
abrir ↗Nucleimedium
WordPress Tidio-form <=1.0 - Cross-Site Scripting
Reflected XSS in wordpress plugin tidio-form v1.0
18RISCO
abrir ↗Nucleimedium
WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
Reflected XSS in wordpress plugin tidio-gallery v1.1
18RISCO
abrir ↗Nucleimedium
WordPress WHIZZ <=1.0.7 - Cross-Site Scripting
Reflected XSS in wordpress plugin whizz v1.0.7
18RISCO
abrir ↗Nucleimedium
WordPress WPSOLR <=8.6 - Cross-Site Scripting
Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
18RISCO
abrir ↗Nucleicritical
WordPress PHPMailer < 5.2.18 - Remote Code Execution
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RISCO
abrir ↗Nucleicritical
Western Digital MyCloud NAS - Command Injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytic
40RISCO
abrir ↗Nucleicritical
Zabbix - SQL Injection
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQ
40RISCO
abrir ↗Nucleihigh
Opsview Monitor Pro - Local File Inclusion
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a ce
23RISCO
abrir ↗Nucleimedium
Opsview Monitor Pro - Open Redirect
Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.16239
18RISCO
abrir ↗Nucleihigh
Wordpress Zedna eBook download <1.2 - Local File Inclusion
The ebook-download plugin before 1.2 for WordPress has directory traversal.
43RISCO
abrir ↗Nucleihigh
WordPress zm-gallery plugin 1.0 SQL Injection
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
18RISCO
abrir ↗Nucleihigh
WordPress Mail Masta 1.0 - Local File Inclusion
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
23RISCO
abrir ↗Nucleihigh
WordPress wSecure Lite < 2.4 - Remote Code Execution
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php
18RISCO
abrir ↗Nucleicritical
Newspaper Theme 6.4–6.7.1 - Privilege Escalation
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
18RISCO
abrir ↗Nucleimedium
Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter
18RISCO
abrir ↗Nucleimedium
Safe Editor Plugin < 1.2 - CSS/JS-injection
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.
18RISCO
abrir ↗Nucleimedium
ScoreMe Theme - Cross-Site Scripting
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
18RISCO
abrir ↗Nucleihigh
MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting
56RISCO
abrir ↗Nucleicritical
WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
63RISCO
abrir ↗Nucleicritical
WP Mobile Detector <= 3.5 - Unrestricted File Upload
WP Mobile Detector <= 3.5 - Arbitrary File Upload
48RISCO
abrir ↗Nucleicritical
NETGEAR WNAP320 Access Point Firmware - Remote Command Injection
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
100RISCO
abrir ↗Nucleihigh
SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMI
50RISCO
abrir ↗Nucleihigh
Apache S2-032 Struts - Remote Code Execution
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RISCO
abrir ↗Nucleicritical
Apache ActiveMQ Fileserver - Arbitrary File Write
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISCO
abrir ↗Nucleimedium
Fortinet FortiOS - Open Redirect/Cross-Site Scripting
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote
18RISCO
abrir ↗Nucleihigh
Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.