Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
DomainMOD <=4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
38RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
38RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
38RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
38RISCO
abrir ↗Nucleicritical
ThinkPHP 5.0.23 - Remote Code Execution
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RISCO
abrir ↗Nucleimedium
WordPress JSmol2WP <=1.07 - Cross-Site Scripting
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows rem
18RISCO
abrir ↗Nucleihigh
WordPress JSmol2WP <=1.07 - Local File Inclusion
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../
23RISCO
abrir ↗Nucleihigh
Tyto Sahi pro 7.x/8.x - Local File Inclusion
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerab
50RISCO
abrir ↗Nucleicritical
Roxy Fileman 1.4.5 - Unrestricted File Upload
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
60RISCO
abrir ↗Nucleihigh
Imcat 4.4 - Phpinfo Configuration
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
23RISCO
abrir ↗Nucleimedium
Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScri
30RISCO
abrir ↗Nucleicritical
WordPress Payeezy Pay <=2.97 - Local File Inclusion
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay
18RISCO
abrir ↗Nucleihigh
SAP Internet Graphics Server (IGS) - XML External Entity Injection
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
50RISCO
abrir ↗Nucleicritical
osCommerce 2.3.4.1 - Remote Code Execution
osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
63RISCO
abrir ↗Nucleihigh
Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported
50RISCO
abrir ↗Nucleicritical
Oracle WebLogic Server - Remote Code Execution
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Su
50RISCO
abrir ↗Nucleimedium
Oracle E-Business Suite - Blind SSRF
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subco
23RISCO
abrir ↗Nucleimedium
Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The suppo
18RISCO
abrir ↗Nucleimedium
node-srv - Local File Inclusion
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malici
18RISCO
abrir ↗Nucleihigh
Ruby On Rails - Local File Inclusion
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12
43RISCO
abrir ↗Nucleicritical
Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unau
60RISCO
abrir ↗Nucleimedium
Atlassian Jira Confluence - Cross-Site Scripting
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0
30RISCO
abrir ↗Nucleimedium
Grav CMS <1.3.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote
18RISCO
abrir ↗Nucleimedium
WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.p
18RISCO
abrir ↗Nucleimedium
SugarCRM 3.5.1 - Cross-Site Scripting
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
38RISCO
abrir ↗Nucleihigh
Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter
50RISCO
abrir ↗Nucleihigh
Zeit Next.js < 4.2.3 - Local File Inclusion
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
18RISCO
abrir ↗Nucleimedium
vBulletin - Open Redirect
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
18RISCO
abrir ↗Nucleicritical
D-Link - Unauthenticated Remote Code Execution
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_
95RISCO
abrir ↗Nucleicritical
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, get
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.