Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
CVE-2020-3559804 jan 2021
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=.
43RISCO
abrir
Exploit-DB
Wordpress Core 5.2.2 - 'post previews' XSS
CVE-2019-1622304 jan 2021
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
23RISCO
abrir
Exploit-DB
Subrion CMS 4.2.1 - 'avatar[path]' XSS
CVE-2020-3543704 jan 2021
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the
23RISCO
abrir
Exploit-DB
GitLab 11.4.7 - RCE (Authenticated) (2)
CVE-2018-1957124 dez 2020
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an
28RISCO
abrir
Exploit-DB
GitLab 11.4.7 - RCE (Authenticated) (2)
CVE-2018-1958524 dez 2020
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection
28RISCO
abrir
Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
CVE-2020-2014021 dez 2020
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Cha
23RISCO
abrir
Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
CVE-2020-2013921 dez 2020
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table
23RISCO
abrir
Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
CVE-2020-2014121 dez 2020
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Tab
23RISCO
abrir
Exploit-DB
Spiceworks 7.5 - HTTP Header Injection
CVE-2020-2590121 dez 2020
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious we
23RISCO
abrir
Exploit-DB
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
CVE-2020-2014221 dez 2020
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table &
23RISCO
abrir
Exploit-DB
SCO Openserver 5.0.7 - 'section' Reflected XSS
CVE-2020-2549521 dez 2020
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote at
38RISCO
abrir
Exploit-DB
SCO Openserver 5.0.7 - 'outputform' Command Injection
CVE-2020-2549421 dez 2020
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in ou
35RISCO
abrir
Exploit-DB
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
CVE-2020-2688718 dez 2020
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
23RISCO
abrir
Exploit-DB
Nxlog Community Edition 2.10.2150 - DoS (Poc)
CVE-2020-3548817 dez 2020
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of
23RISCO
abrir
Exploit-DB
Solaris SunSSH 11.0 x86 - libpam Remote Root
CVE-2020-14871CRITICALsob ataque15 dez 2020
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISCO
abrir
Exploit-DB
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
CVE-2020-3452HIGHsob ataque15 dez 2020
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISCO
abrir
Exploit-DB
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
CVE-2018-1958514 dez 2020
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection
28RISCO
abrir
Exploit-DB
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
CVE-2018-1957114 dez 2020
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an
28RISCO
abrir
Exploit-DB
Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
CVE-2020-223114 dez 2020
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via '
23RISCO
abrir
Exploit-DB
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
CVE-2020-222911 dez 2020
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a sto
23RISCO
abrir
Exploit-DB
Rukovoditel 2.6.1 - RCE (1)
CVE-2020-1181911 dez 2020
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve
28RISCO
abrir
Exploit-DB
Jenkins 2.235.3 - 'Description' Stored XSS
CVE-2020-223011 dez 2020
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in
45RISCO
abrir
Exploit-DB
SmarterMail Build 6985 - Remote Code Execution
CVE-2019-721409 dez 2020
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISCO
abrir
Exploit-DB
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)
CVE-2020-575207 dez 2020
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RISCO
abrir
Exploit-DB
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
CVE-2020-2897804 dez 2020
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a
28RISCO
abrir
Exploit-DB
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
CVE-2020-2897604 dez 2020
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make
43RISCO
abrir
Exploit-DB
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
CVE-2020-2897704 dez 2020
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a
28RISCO
abrir
Exploit-DB
Chromium 83 - Full CSP Bypass
CVE-2020-651904 dez 2020
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy
28RISCO
abrir
Exploit-DB
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
CVE-2020-1407302 dez 2020
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can c
23RISCO
abrir
Exploit-DB
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
CVE-2020-2742202 dez 2020
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an a
23RISCO
abrir
anteriorpágina 39 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.