Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleihigh
MantisBT <=2.30 - Arbitrary Password Reset/Admin Access
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISCO
abrir
Nucleimedium
IceWarp WebMail 11.3.1.5 - Cross-Site Scripting
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" paramet
18RISCO
abrir
Nucleicritical
Hikvision - Authentication Bypass
CVE-2017-7921CRITICALsob ataque
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISCO
abrir
Nucleicritical
Dahua Security - Configuration File Disclosure
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,
30RISCO
abrir
Nucleicritical
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions pri
60RISCO
abrir
Nucleicritical
Amcrest IP Camera Web Management - Data Exposure
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative cred
40RISCO
abrir
Nucleicritical
Joomla! <3.7.1 - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RISCO
abrir
Nucleimedium
Reflected XSS - Telerik Reporting Module
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms
18RISCO
abrir
Nucleimedium
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
18RISCO
abrir
Nucleimedium
Odoo 8.0/9.0/10.0 - Local File Inclusion
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to rea
18RISCO
abrir
Nucleimedium
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before
60RISCO
abrir
Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
CVE-2017-9791CRITICALsob ataque
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passe
100RISCO
abrir
Nucleihigh
Apache Struts2 S2-052 - Remote Code Execution
CVE-2017-9805HIGHsob ataque
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISCO
abrir
Nucleihigh
DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
CVE-2017-9822HIGHsob ataqueransomware
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RISCO
abrir
Nucleihigh
BOA Web Server 0.94.14 - Arbitrary File Access
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read
50RISCO
abrir
Nucleicritical
PHPUnit - Remote Code Execution
CVE-2017-9841CRITICALsob ataque
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir
Nucleimedium
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2
18RISCO
abrir
Nucleicritical
Cisco RV132W/RV134W Router - Information Disclosure
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VP
40RISCO
abrir
Nucleihigh
Cisco ASA - Local File Inclusion
CVE-2018-0296HIGHsob ataque
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RISCO
abrir
Nucleimedium
Jolokia 1.3.7 - Cross-Site Scripting
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute ma
23RISCO
abrir
Nucleihigh
Jolokia Agent - JNDI Code Injection
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to
40RISCO
abrir
Nucleicritical
Cobbler - Authentication Bypass
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibl
23RISCO
abrir
Nucleicritical
GitList < 0.6.0 Remote Code Execution
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RISCO
abrir
Nucleihigh
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCrede
40RISCO
abrir
Nucleimedium
Sympa version =>6.2.16 - Cross-Site Scripting
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in
18RISCO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) v
18RISCO
abrir
Nucleicritical
Jenkins - Remote Command Injection
CVE-2018-1000861CRITICALsob ataque
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RISCO
abrir
Nucleicritical
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE
50RISCO
abrir
Nucleihigh
AudioCodes 420HD - Remote Code Execution
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
50RISCO
abrir
Nucleimedium
Dolibarr <7.0.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script
40RISCO
abrir
anteriorpágina 18 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.