Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
PacsOne Server <7.1.1 - Cross-Site Scripting
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
18RISCO
abrir ↗Nucleicritical
Alumni Management System 1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypa
18RISCO
abrir ↗Nucleicritical
Car Rental Management System 1.0 - Local File Inclusion
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack
23RISCO
abrir ↗Nucleicritical
74CMS - Remote File Inclusion
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 7
30RISCO
abrir ↗Nucleicritical
Zeroshell 3.9.3 - Command Injection
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that co
30RISCO
abrir ↗Nucleimedium
Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
43RISCO
abrir ↗Nucleimedium
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 befor
23RISCO
abrir ↗Nucleicritical
ZyXel USG - Hardcoded Credentials
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The p
100RISCO
abrir ↗Nucleicritical
IncomCMS 2.0 - Arbitrary File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows un
60RISCO
abrir ↗Nucleicritical
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RISCO
abrir ↗Nucleihigh
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISCO
abrir ↗Nucleicritical
Cockpit CMS 0.6.1 - Remote Code Execution
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCrite
30RISCO
abrir ↗Nucleihigh
SMTP WP Plugin Directory Listing
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RISCO
abrir ↗Nucleicritical
Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier
23RISCO
abrir ↗Nucleicritical
OpenTSDB <=2.4.0 - Remote Code Execution
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RISCO
abrir ↗Nucleihigh
SearchBlox <9.2.2 - Local File Inclusion
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated us
23RISCO
abrir ↗Nucleihigh
Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=.
43RISCO
abrir ↗Nucleicritical
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new passw
50RISCO
abrir ↗Nucleicritical
Klog Server <=2.41 - Unauthenticated Command Injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISCO
abrir ↗Nucleihigh
GateOne 1.1 - Local File Inclusion
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.
23RISCO
abrir ↗Nucleihigh
WordPress Simple Job Board <2.9.4 - Local File Inclusion
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2
50RISCO
abrir ↗Nucleimedium
twitter-server Cross-Site Scripting
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configu
40RISCO
abrir ↗Nucleimedium
Cisco ASA/FTD Software - Cross-Site Scripting
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
100RISCO
abrir ↗Nucleicritical
Agentejo Cockpit < 0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
40RISCO
abrir ↗Nucleicritical
Agentejo Cockpit <0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RISCO
abrir ↗Nucleicritical
Agentejo Cockpit <0.12.0 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
60RISCO
abrir ↗Nucleicritical
Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbit
65RISCO
abrir ↗Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticate
18RISCO
abrir ↗Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticate
18RISCO
abrir ↗Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authe
18RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.