Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleimedium
Rukovoditel <= 2.7.2 - Cross-Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticat
18RISCO
abrir ↗Nucleicritical
CSE Bookstore 1.0 - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pub
23RISCO
abrir ↗Nucleicritical
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalat
43RISCO
abrir ↗Nucleimedium
Jira Server and Data Center - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
50RISCO
abrir ↗Nucleicritical
ThemeGrill Demo Importer < 1.6.2 - Database Reset
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard
18RISCO
abrir ↗Nucleimedium
Smartstore <4.1.0 - Open Redirect
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication,
18RISCO
abrir ↗Nucleimedium
WordPress 15Zine <3.3.0 - Cross-Site Scripting
15Zine < 3.3.0 - Reflected Cross-Site Scripting
18RISCO
abrir ↗Nucleicritical
Adning Advertising <= 1.5.5 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Arbitrary File Upload
43RISCO
abrir ↗Nucleicritical
WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution
Epsilon Framework Themes (Various Versions) - Function Injection
75RISCO
abrir ↗Nucleicritical
ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation
43RISCO
abrir ↗Nucleihigh
ListingPro < 2.6.1 - Sensitive Data Disclosure
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure
28RISCO
abrir ↗Nucleimedium
WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal
28RISCO
abrir ↗Nucleihigh
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
36RISCO
abrir ↗Nucleihigh
WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
36RISCO
abrir ↗Nucleimedium
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
28RISCO
abrir ↗Nucleicritical
VMware vCenter Server LDAP Broken Access Control
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir ↗Nucleicritical
IBM Data Risk Manager - Authentication Bypass via SAML
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RISCO
abrir ↗Nucleihigh
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc
68RISCO
abrir ↗Nucleimedium
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
38RISCO
abrir ↗Nucleihigh
Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages an
43RISCO
abrir ↗Nucleimedium
Next.js <9.3.2 - Local File Inclusion
Directory Traversal in Next.js versions below 9.3.2
40RISCO
abrir ↗Nucleicritical
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username paramet
23RISCO
abrir ↗Nucleimedium
Spring Cloud Config - Local File Inclusion
Directory Traversal with spring-cloud-config-server
30RISCO
abrir ↗Nucleihigh
Spring Cloud Config Server - Local File Inclusion
Directory Traversal with spring-cloud-config-server
100RISCO
abrir ↗Nucleimedium
Spring Cloud Netflix - Server-Side Request Forgery
Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
23RISCO
abrir ↗Nucleicritical
Grandstream UCM6200 - SQL Injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir ↗Nucleihigh
SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin f
18RISCO
abrir ↗Nucleimedium
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas appli
18RISCO
abrir ↗Nucleihigh
MAGMI - Cross-Site Request Forgery
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is poss
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.