Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleihigh
PrestaShop Product Comments <4.2.0 - SQL Injection
Blind SQL injection during the CommentGrade process
33RISCO
abrir ↗Nucleihigh
XStream <1.4.15 - Server-Side Request Forgery
Server-Side Forgery Request can be activated unmarshalling with XStream
50RISCO
abrir ↗Nucleimedium
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclo
40RISCO
abrir ↗Nucleimedium
SAP Solution Manager - Open Redirect
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to
23RISCO
abrir ↗Nucleihigh
WordPress WP Courses Plugin Information Disclosure
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for cour
18RISCO
abrir ↗Nucleicritical
Ruckus vRioT IoT Controller - Authentication Bypass
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacke
50RISCO
abrir ↗Nucleicritical
NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
85RISCO
abrir ↗Nucleicritical
phpMyAdmin < 5.0.3 - SQL Injection
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerabili
30RISCO
abrir ↗Nucleicritical
Emby < 4.5.0 - Server Server-Side Request Forgery
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
40RISCO
abrir ↗Nucleihigh
LionWiki <3.2.12 - Local File Inclusion
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the ind
18RISCO
abrir ↗Nucleicritical
JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics)
68RISCO
abrir ↗Nucleihigh
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within
18RISCO
abrir ↗Nucleihigh
Processwire CMS <2.7.1 - Local File Inclusion
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
23RISCO
abrir ↗Nucleicritical
Good Layers LMS Plugin <= 2.1.4 - SQL Injection
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_no
23RISCO
abrir ↗Nucleicritical
WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via `log` Parameter
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_fa
30RISCO
abrir ↗Nucleimedium
Wing FTP 6.4.4 - Cross-Site Scripting
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a craft
18RISCO
abrir ↗Nucleimedium
KeyCloak - Information Exposure
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information a
23RISCO
abrir ↗Nucleihigh
NETGEAR - Authentication Bypass
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020
36RISCO
abrir ↗Nucleimedium
IceWarp WebMail 11.4.5.0 - Cross-Site Scripting
IceWarp 11.4.5.0 allows XSS via the language parameter.
18RISCO
abrir ↗Nucleihigh
SonarQube - Authentication Bypass
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settin
41RISCO
abrir ↗Nucleimedium
TerraMaster TOS < 4.2.06 - User Enumeration
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid us
23RISCO
abrir ↗Nucleicritical
TerraMaster TOS - Unauthenticated Remote Command Execution
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inje
40RISCO
abrir ↗Nucleimedium
Rocket.Chat <3.9.1 - Information Disclosure
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
23RISCO
abrir ↗Nucleimedium
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a r
43RISCO
abrir ↗Nucleicritical
ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RISCO
abrir ↗Nucleicritical
Monitorr 1.7.6m - Unauthenticated Remote Code Execution
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the s
40RISCO
abrir ↗Nucleimedium
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make
43RISCO
abrir ↗Nucleicritical
WP Hotel Booking < 1.10.4 - PHP Object Injection
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.