Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Traefik - Open Redirect
Open redirect in Traefik
28RISCO
abrir
Nucleicritical
Yii 2 < 2.0.38 - Remote Code Execution
Unsafe deserialization in Yii 2
58RISCO
abrir
Nucleicritical
Nette Framework - Remote Code Execution
Remote Code Execution vulnerability
68RISCO
abrir
Nucleicritical
DrayTek Vigor - Command Injection
CVE-2020-15415CRITICALsob ataque
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote
95RISCO
abrir
Nucleimedium
TileServer GL <=3.0.0 - Cross-Site Scripting
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected u
43RISCO
abrir
Nucleicritical
MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
CVE-2020-15505CRITICALsob ataque
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
100RISCO
abrir
Nucleicritical
TerraMaster TOS <.1.29 - Remote Code Execution
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic cla
43RISCO
abrir
Nucleimedium
RosarioSIS 6.7.2 - Cross-Site Scripting
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc
38RISCO
abrir
Nucleihigh
Gogs 0.5.5 - 0.12.2 - Remote Code Execution
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privile
40RISCO
abrir
Nucleimedium
D-Link DIR-816L 2.x - Cross-Site Scripting
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no outp
18RISCO
abrir
Nucleicritical
Tiki Wiki CMS GroupWare - Authentication Bypass
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
23RISCO
abrir
Nucleicritical
Mida eFramework <=2.9.0 - Remote Command Execution
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISCO
abrir
Nucleihigh
Cisco Unified IP Conference Station 7937G - Denial-of-Service
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the de
40RISCO
abrir
Nucleimedium
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this mi
18RISCO
abrir
Nucleicritical
SaltStack <=3002 - Shell Injection
CVE-2020-16846CRITICALsob ataque
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH clien
100RISCO
abrir
Nucleihigh
Microsoft SharePoint - Remote Code Execution
Microsoft SharePoint Remote Code Execution Vulnerability
58RISCO
abrir
Nucleimedium
Nova Lite < 1.3.9 - Cross-Site Scripting
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
18RISCO
abrir
Nucleimedium
WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
43RISCO
abrir
Nucleicritical
SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi pa
60RISCO
abrir
Nucleicritical
Fuel CMS 1.4.7 - SQL Injection
CVE-2020-17463CRITICALsob ataque
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
100RISCO
abrir
Nucleicritical
vBulletin 5.5.4 - 5.6.2- Remote Command Execution
CVE-2020-17496CRITICALsob ataque
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbe
100RISCO
abrir
Nucleihigh
Artica Web Proxy 4.30 - OS Command Injection
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter i
40RISCO
abrir
Nucleicritical
Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RISCO
abrir
Nucleihigh
Apache Flink 1.5.1 - Local File Inclusion
Apache Flink directory traversal attack: remote file writing through the REST API
50RISCO
abrir
Nucleihigh
Apache Flink - Local File Inclusion
CVE-2020-17519CRITICALsob ataque
Apache Flink directory traversal attack: reading remote files through the REST API
100RISCO
abrir
Nucleihigh
Apache Airflow <1.10.14 - Authentication Bypass
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a maliciou
23RISCO
abrir
Nucleicritical
Apache Struts 2.0.0-2.5.25 - Remote Code Execution
CVE-2020-17530CRITICALsob ataque
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISCO
abrir
Nucleimedium
Z-Blog <=1.5.2 - Open Redirect
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect"
18RISCO
abrir
Nucleimedium
Jeesns 1.4.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts o
18RISCO
abrir
Nucleimedium
Jeesns 1.4.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to ex
18RISCO
abrir
anteriorpágina 35 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.