Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleihigh
Spring Security OAuth2 Remote Command Execution
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1
60RISCO
abrir ↗Nucleicritical
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
Netgear DGN2200 and DGND3700 disclose the administrator password
23RISCO
abrir ↗Nucleicritical
NUUO NVR camera `debugging_center_utils_.php` - Command Execution
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR Rea
60RISCO
abrir ↗Nucleicritical
vBulletin <= 4.2.3 - SQL Injection
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 bef
50RISCO
abrir ↗Nucleihigh
NETGEAR Routers - Remote Code Execution
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.B
100RISCO
abrir ↗Nucleihigh
ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISCO
abrir ↗Nucleicritical
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
40RISCO
abrir ↗Nucleihigh
Sony IPELA Engine IP Camera - Hardcoded Account
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC
18RISCO
abrir ↗Nucleimedium
SPIP <3.1.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject
18RISCO
abrir ↗Nucleimedium
Aruba Airwave <8.2.3.1 - Cross-Site Scripting
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). Th
43RISCO
abrir ↗Nucleihigh
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler
23RISCO
abrir ↗Nucleihigh
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RISCO
abrir ↗Nucleihigh
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that
18RISCO
abrir ↗Nucleimedium
Phoenix Framework - Open Redirect
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to u
18RISCO
abrir ↗Nucleihigh
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
jqueryFileTree 2.1.5 and older Directory Traversal
50RISCO
abrir ↗Nucleicritical
Primetek Primefaces 5.x - Remote Code Execution
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RISCO
abrir ↗Nucleihigh
Oracle Content Server - Cross-Site Scripting
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supp
23RISCO
abrir ↗Nucleihigh
Oracle WebLogic Server - Remote Command Execution
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RISCO
abrir ↗Nucleihigh
Yaws 1.91 - Local File Inclusion
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: th
60RISCO
abrir ↗Nucleimedium
phpLDAPadmin <= 1.2.3 - Reflected XSS
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
18RISCO
abrir ↗Nucleicritical
DataTaker DT80 dEX 1.50.012 - Information Disclosure
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a d
50RISCO
abrir ↗Nucleicritical
Subrion CMS <4.1.5.10 - SQL Injection
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
23RISCO
abrir ↗Nucleihigh
ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the path
40RISCO
abrir ↗Nucleimedium
FineCMS <5.0.9 - Open Redirect
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
18RISCO
abrir ↗Nucleihigh
XML-RPC Server - Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISCO
abrir ↗Nucleimedium
FineCMS <=5.0.10 - Cross-Site Scripting
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=ap
18RISCO
abrir ↗Nucleimedium
XOOPS Core 2.5.8 - Open Redirect
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
18RISCO
abrir ↗Nucleicritical
Jboss Application Server - Remote Code Execution
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter
100RISCO
abrir ↗Nucleicritical
HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RISCO
abrir ↗Nucleimedium
HPE System Management - Cross-Site Scripting
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was
18RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.