Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
Zimbra Collaboration Suite - Cross-site Scripting
CVE-2018-6882MEDIUMsob ataqueransomware
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Sui
63RISCO
abrir
Nucleihigh
DedeCMS 5.7 - Path Disclosure
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/in
23RISCO
abrir
Nucleicritical
VMware NSX SD-WAN Edge - Command Injection
CVE-2018-6961HIGHsob ataque
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web U
100RISCO
abrir
Nucleimedium
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remot
18RISCO
abrir
Nucleimedium
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attac
18RISCO
abrir
Nucleimedium
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers
18RISCO
abrir
Nucleicritical
Anchor CMS 0.12.3 - Error Log Exposure
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contain
60RISCO
abrir
Nucleicritical
TITool PrintMonitor - Blind SQL Injection
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based b
23RISCO
abrir
Nucleicritical
Joomla! Component PrayerCenter 3.0.2 - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerabil
50RISCO
abrir
Nucleihigh
WordPress Site Editor <=1.1.1 - Local File Inclusion
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to re
50RISCO
abrir
Nucleihigh
AxxonSoft Axxon Next - Local File Inclusion
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
23RISCO
abrir
Nucleihigh
uWSGI PHP Plugin Local File Inclusion
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversa
50RISCO
abrir
Nucleicritical
Drupal - Remote Code Execution
CVE-2018-7600CRITICALsob ataqueransomware
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
Nucleicritical
Drupal - Remote Code Execution
CVE-2018-7602CRITICALsob ataqueransomware
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
100RISCO
abrir
Nucleimedium
YzmCMS v3.6 - Cross-Site Scripting
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
38RISCO
abrir
Nucleimedium
CouchCMS <= 2.0 - Path Disclosure
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.fun
30RISCO
abrir
Nucleihigh
DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php
40RISCO
abrir
Nucleihigh
Acrolinx Server <5.2.5 - Local File Inclusion
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
50RISCO
abrir
Nucleihigh
Schneider Electric U.motion Builder - SQL Injection
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software ve
18RISCO
abrir
Nucleicritical
Schneider Electric U.motion Builder - Remote Code Execution
CVE-2018-7841CRITICALsob ataque
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code
100RISCO
abrir
Nucleimedium
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console
30RISCO
abrir
Nucleimedium
Apache Spark UI - Cross-Site Scripting
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointin
18RISCO
abrir
Nucleihigh
Apache OFBiz - XML External Entity Injection
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles re
23RISCO
abrir
Nucleihigh
AppWeb - Authentication Bypass
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in
23RISCO
abrir
Nucleimedium
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-securit
43RISCO
abrir
Nucleihigh
Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system
18RISCO
abrir
Nucleimedium
Cobub Razor 0.8.0 - Information Disclosure
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, contro
50RISCO
abrir
Nucleicritical
PrestaShop Responsive Mega Menu Module - Remote Code Execution
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for Pre
30RISCO
abrir
Nucleihigh
WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Direct
50RISCO
abrir
Nucleicritical
PrismaWEB - Credentials Disclosure
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the
30RISCO
abrir
anteriorpágina 24 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.