Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Submitty <= 20.04.01 - Open Redirect
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.
18RISCO
abrir
Nucleihigh
Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the w
36RISCO
abrir
Nucleihigh
Artica Proxy Community Edition <4.30.000000 - Local File Inclusion
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parame
30RISCO
abrir
Nucleicritical
Netsweeper <=6.4.3 - Python Code Injection
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain
40RISCO
abrir
Nucleimedium
Contentful <=2020-05-21 - Cross-Site Scripting
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.p
18RISCO
abrir
Nucleihigh
Grafana 3.0.1-7.0.1 - Server-Side Request Forgery
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows
60RISCO
abrir
Nucleihigh
Microweber <1.1.20 - Information Disclosure
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose
23RISCO
abrir
Nucleimedium
Bitrix24 <=20.0.0 - Cross-Site Scripting
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/
18RISCO
abrir
Nucleicritical
rConfig 3.9 - Authentication Bypass(Admin Login)
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account cr
40RISCO
abrir
Nucleicritical
wpDiscuz <= 5.3.5 - SQL Injection
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute
23RISCO
abrir
Nucleihigh
WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object r
23RISCO
abrir
Nucleimedium
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
18RISCO
abrir
Nucleihigh
Artica Pandora FMS 7.44 - Remote Code Execution
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
40RISCO
abrir
Nucleihigh
Intelbras TIP 200/200 LITE/300 - Local File Inclusion
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?pag
18RISCO
abrir
Nucleicritical
Airflow Experimental <1.10.11 - REST API Auth Bypass
CVE-2020-13927CRITICALsob ataque
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but th
100RISCO
abrir
Nucleimedium
Apache Kylin - Exposed Configuration File
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.
40RISCO
abrir
Nucleicritical
Apache Unomi <1.5.2 - Remote Code Execution
Remote Code Execution in Apache Unomi
50RISCO
abrir
Nucleimedium
Apache APISIX - Insufficiently Protected Credentials
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the
40RISCO
abrir
Nucleicritical
WordPress PayPal Pro <1.1.65 - SQL Injection
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
40RISCO
abrir
Nucleihigh
Gitea 1.1.0 - 1.12.5 - Remote Code Execution
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer envir
40RISCO
abrir
Nucleimedium
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field
40RISCO
abrir
Nucleimedium
Jira Server and Data Center - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
60RISCO
abrir
Nucleimedium
Agentejo Cockpit 0.10.2 - Cross-Site Scripting
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login rou
18RISCO
abrir
Nucleimedium
NeDi 1.9C - Cross-Site Scripting
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function at
18RISCO
abrir
Nucleicritical
Oracle WebLogic Server - Remote Command Execution
CVE-2020-14750CRITICALsob ataque
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir
Nucleihigh
Oracle Fusion - Directory Traversal/Local File Inclusion
CVE-2020-14864HIGHsob ataque
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RISCO
abrir
Nucleicritical
Oracle Weblogic Server - Remote Command Execution
CVE-2020-14882CRITICALsob ataque
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir
Nucleihigh
Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
CVE-2020-14883HIGHsob ataque
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISCO
abrir
Nucleihigh
Suprema BioStar <2.8.2 - Local File Inclusion
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary fi
50RISCO
abrir
Nucleilow
PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
Information exposure in the upload directory in PrestaShop
28RISCO
abrir
anteriorpágina 34 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.