Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Rukovoditel <= 2.7.2 - Cross-Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticat
18RISCO
abrir
Nucleicritical
CSE Bookstore 1.0 - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pub
23RISCO
abrir
Nucleicritical
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalat
43RISCO
abrir
Nucleimedium
Jira Server and Data Center - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
50RISCO
abrir
Nucleicritical
ThemeGrill Demo Importer < 1.6.2 - Database Reset
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard
18RISCO
abrir
Nucleimedium
Smartstore <4.1.0 - Open Redirect
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication,
18RISCO
abrir
Nucleimedium
WordPress 15Zine <3.3.0 - Cross-Site Scripting
15Zine < 3.3.0 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Adning Advertising <= 1.5.5 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Arbitrary File Upload
43RISCO
abrir
Nucleicritical
WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution
Epsilon Framework Themes (Various Versions) - Function Injection
75RISCO
abrir
Nucleicritical
ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation
43RISCO
abrir
Nucleihigh
ListingPro < 2.6.1 - Sensitive Data Disclosure
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure
28RISCO
abrir
Nucleimedium
WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal
28RISCO
abrir
Nucleihigh
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
36RISCO
abrir
Nucleihigh
WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
36RISCO
abrir
Nucleimedium
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
28RISCO
abrir
Nucleicritical
Pinger 1.0 - Remote Code Execution
Pinger 1.0 - Remote Code Execution
63RISCO
abrir
Nucleicritical
VMware vCenter Server LDAP Broken Access Control
CVE-2020-3952CRITICALsob ataque
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir
Nucleicritical
IBM Data Risk Manager - Authentication Bypass via SAML
CVE-2020-4427CRITICALsob ataque
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RISCO
abrir
Nucleihigh
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc
68RISCO
abrir
Nucleimedium
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
38RISCO
abrir
Nucleihigh
Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages an
43RISCO
abrir
Nucleimedium
Next.js <9.3.2 - Local File Inclusion
Directory Traversal in Next.js versions below 9.3.2
40RISCO
abrir
Nucleicritical
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username paramet
23RISCO
abrir
Nucleimedium
Spring Cloud Config - Local File Inclusion
Directory Traversal with spring-cloud-config-server
30RISCO
abrir
Nucleihigh
Spring Cloud Config Server - Local File Inclusion
CVE-2020-5410HIGHsob ataque
Directory Traversal with spring-cloud-config-server
100RISCO
abrir
Nucleimedium
Spring Cloud Netflix - Server-Side Request Forgery
Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
23RISCO
abrir
Nucleicritical
Grandstream UCM6200 - SQL Injection
CVE-2020-5722CRITICALsob ataque
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir
Nucleihigh
SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin f
18RISCO
abrir
Nucleimedium
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas appli
18RISCO
abrir
Nucleihigh
MAGMI - Cross-Site Request Forgery
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is poss
23RISCO
abrir
anteriorpágina 40 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.