Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
OEcms 3.1 - Cross-Site Scripting
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerabil
38RISCO
abrir ↗Nucleicritical
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection A
50RISCO
abrir ↗Nucleihigh
Seagate NAS OS 4.3.15.1 - Server Information Disclosure
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attac
23RISCO
abrir ↗Nucleimedium
Seagate NAS OS 4.3.15.1 - Open Redirect
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in th
18RISCO
abrir ↗Nucleicritical
Intelbras NPLUG 1.0.0.14 - Authentication Bypass
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate
18RISCO
abrir ↗Nucleihigh
PhpMyAdmin <4.8.2 - Local File Inclusion
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RISCO
abrir ↗Nucleicritical
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/lo
50RISCO
abrir ↗Nucleimedium
SV3C HD Camera L Series - Open Redirect
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin
18RISCO
abrir ↗Nucleimedium
Spring MVC Framework - Local File Inclusion
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow app
30RISCO
abrir ↗Nucleicritical
Spring Data Commons - Remote Code Execution
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property
100RISCO
abrir ↗Nucleihigh
Webgrind <= 1.5 - Local File Inclusion
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the we
23RISCO
abrir ↗Nucleimedium
Zoho manageengine - Cross-Site Scripting
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network
40RISCO
abrir ↗Nucleimedium
TOTOLINK A3002RU 1.0.8 - Information Disclosure
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password
18RISCO
abrir ↗Nucleihigh
Apache Tika < 1.1.8 - Header Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RISCO
abrir ↗Nucleicritical
Fortinet FortiOS - Credentials Disclosure
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISCO
abrir ↗Nucleimedium
Fortinet FortiOS - Cross-Site Scripting
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and
40RISCO
abrir ↗Nucleimedium
Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclos
38RISCO
abrir ↗Nucleimedium
Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
18RISCO
abrir ↗Nucleicritical
VelotiSmart Wifi - Directory Traversal
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../..
50RISCO
abrir ↗Nucleimedium
Orange Forum 1.4.0 - Open Redirect
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
18RISCO
abrir ↗Nucleimedium
Django - Open Redirect
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
23RISCO
abrir ↗Nucleicritical
Responsive filemanager 9.13.1 Server-Side Request Forgery
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
60RISCO
abrir ↗Nucleihigh
cgit < 1.2.1 - Directory Traversal
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned
60RISCO
abrir ↗Nucleicritical
Loytec LGATE-902 <6.4.2 - Local File Inclusion
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
23RISCO
abrir ↗Nucleihigh
LOYTEC LGATE-902 6.3.2 - Local File Inclusion
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
23RISCO
abrir ↗Nucleimedium
Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exis
18RISCO
abrir ↗Nucleicritical
NUUO NVRmini - Remote Command Execution
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RISCO
abrir ↗Nucleihigh
LG-Ericsson iPECS NMS 30M - Local File Inclusion
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.
23RISCO
abrir ↗Nucleihigh
D-Link Central WifiManager - Server-Side Request Forgery
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an
30RISCO
abrir ↗Nucleihigh
Responsive FileManager <9.13.4 - Local File Inclusion
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.