Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.107VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleicritical
D-Link Routers - Remote Code Execution
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The i
100RISCO
abrir ↗Nucleimedium
WordPress Visualizer <3.3.1 - Cross-Site Scripting
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute ar
18RISCO
abrir ↗Nucleicritical
Visualizer <3.3.1 - Blind Server-Side Request Forgery
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-d
30RISCO
abrir ↗Nucleihigh
Metinfo 7.0.0 beta - SQL Injection
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?
23RISCO
abrir ↗Nucleihigh
Metinfo 7.0.0 beta - SQL Injection
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the adm
30RISCO
abrir ↗Nucleimedium
Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin
18RISCO
abrir ↗Nucleimedium
WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
18RISCO
abrir ↗Nucleimedium
WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
18RISCO
abrir ↗Nucleihigh
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options im
18RISCO
abrir ↗Nucleimedium
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
18RISCO
abrir ↗Nucleicritical
Yachtcontrol Webapplication 1.0 - Remote Command Injection
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user vi
30RISCO
abrir ↗Nucleicritical
Zabbix <=4.4 - Authentication Bypass
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass
30RISCO
abrir ↗Nucleihigh
MetInfo 7.0.0 beta - SQL Injection
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchPa
30RISCO
abrir ↗Nucleicritical
Jfrog Artifactory <6.17.0 - Default Admin Password
JFrog Artifactory does not enforce default admin password change
55RISCO
abrir ↗Nucleimedium
Kirona Dynamic Resource Scheduler - Information Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RISCO
abrir ↗Nucleicritical
D-Link DIR-868L/817LW - Information Disclosure
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 route
30RISCO
abrir ↗Nucleihigh
Jiangnan Online Judge 0.8.0 - Local File Inclusion
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=
23RISCO
abrir ↗Nucleihigh
Apache Solr <=8.3.1 - Remote Code Execution
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISCO
abrir ↗Nucleicritical
Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST
30RISCO
abrir ↗Nucleicritical
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially
18RISCO
abrir ↗Nucleicritical
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISCO
abrir ↗Nucleimedium
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is m
50RISCO
abrir ↗Nucleicritical
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISCO
abrir ↗Nucleihigh
Xiaomi Mi WiFi R3G Routers - Local file Inclusion
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerabilit
50RISCO
abrir ↗Nucleimedium
Ignite Realtime Openfire <4.42 - Local File Inclusion
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the
23RISCO
abrir ↗Nucleicritical
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allo
30RISCO
abrir ↗Nucleihigh
DOMOS 5.5 - Local File Inclusion
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
23RISCO
abrir ↗Nucleicritical
strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir ↗Nucleihigh
Allied Telesis AT-GS950/8 - Local File Inclusion
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] al
23RISCO
abrir ↗Nucleicritical
Xfilesharing 2.5.1 - Arbitrary File Upload
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951
30RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.