Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleicritical
EyesOfNetwork - Hardcoded API Key & SQL Injection
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RISCO
abrir
Nucleicritical
EyesOfNetwork - Hardcoded API Key
CVE-2020-8657CRITICALsob ataque
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISCO
abrir
Nucleicritical
WordPress Time Capsule < 1.21.16 - Authentication Bypass
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFI
30RISCO
abrir
Nucleicritical
WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in in
40RISCO
abrir
Nucleihigh
Cacti v1.2.8 - Remote Code Execution
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a
60RISCO
abrir
Nucleihigh
Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones)
23RISCO
abrir
Nucleimedium
Jeedom <=4.0.38 - Cross-Site Scripting
Jeedom through 4.0.38 allows XSS.
18RISCO
abrir
Nucleicritical
Couchbase Server - Broken Access Control
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Per
18RISCO
abrir
Nucleihigh
WordPress wpCentral <1.5.1 - Information Disclosure
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
18RISCO
abrir
Nucleihigh
exacqVision Web Service - Remote Code Execution
exacqVision Software - Improper Verification of Cryptographic Signature
28RISCO
abrir
Nucleicritical
Zyxel NAS Firmware 5.21- Remote Code Execution
CVE-2020-9054CRITICALsob ataque
ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi
100RISCO
abrir
Nucleimedium
Oracle iPlanet Web Server 7.0.x - Image Injection
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration c
18RISCO
abrir
Nucleihigh
Oracle iPlanet Web Server 7.0.x - Authentication Bypass
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/vers
40RISCO
abrir
Nucleimedium
Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
18RISCO
abrir
Nucleihigh
D-Link DIR-610 Devices - Information Disclosure
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE
23RISCO
abrir
Nucleihigh
rConfig <3.9.4 - Sensitive Information Disclosure
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved
23RISCO
abrir
Nucleicritical
Apache Spark - Authentication Bypass
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (s
23RISCO
abrir
Nucleihigh
SkyWalking SQLI
**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is
30RISCO
abrir
Nucleihigh
Apache Tomcat Remote Command Execution
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a)
30RISCO
abrir
Nucleimedium
Apache OFBiz 17.12.03 - Cross-Site Scripting
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RISCO
abrir
Nucleicritical
FasterXML jackson-databind - Deserialization Remote Code Execution
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
23RISCO
abrir
Nucleicritical
FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
23RISCO
abrir
Nucleicritical
Craft CMS < 3.3.0 - Server-Side Template Injection
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed
40RISCO
abrir
Nucleicritical
Cisco Small Business RV Series - OS Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
50RISCO
abrir
Nucleicritical
Cisco HyperFlex HX Data Platform - Remote Command Execution
CVE-2021-1497CRITICALsob ataque
Cisco HyperFlex HX Command Injection Vulnerabilities
100RISCO
abrir
Nucleicritical
Cisco HyperFlex HX Data Platform - Remote Command Execution
CVE-2021-1498CRITICALsob ataque
Cisco HyperFlex HX Command Injection Vulnerabilities
100RISCO
abrir
Nucleimedium
Cisco HyperFlex HX Data Platform - Arbitrary File Upload
Cisco HyperFlex HX Data Platform File Upload Vulnerability
50RISCO
abrir
Nucleicritical
SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation
CVE-2021-20021CRITICALsob ataqueransomware
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account
100RISCO
abrir
Nucleimedium
SonicWall SonicOS 7.0 - Open Redirect
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management
43RISCO
abrir
Nucleicritical
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
CVE-2021-20038CRITICALsob ataqueransomware
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows
100RISCO
abrir
anteriorpágina 42 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.