Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleihigh
Odoo Apps - Cross-Site Scripting via Prototype Pollution
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a m
18RISCO
abrir
Nucleicritical
Buffalo WSR-2533DHPL2 - Path Traversal
CVE-2021-20090CRITICALsob ataque
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3
95RISCO
abrir
Nucleihigh
Buffalo WSR-2533DHPL2 - Configuration File Injection
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not pr
18RISCO
abrir
Nucleihigh
Buffalo WSR-2533DHPL2 - Improper Access Control
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not pr
18RISCO
abrir
Nucleihigh
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the
18RISCO
abrir
Nucleihigh
Draytek VigorConnect 1.6.0-B - Local File Inclusion
CVE-2021-20123HIGHsob ataque
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the D
88RISCO
abrir
Nucleihigh
Draytek VigorConnect 6.0-B3 - Local File Inclusion
CVE-2021-20124HIGHsob ataque
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the W
78RISCO
abrir
Nucleimedium
Gryphon Tower - Cross-Site Scripting
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the
18RISCO
abrir
Nucleimedium
Trendnet AC2600 TEW-827DRU - Credentials Disclosure
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authe
30RISCO
abrir
Nucleicritical
Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauth
23RISCO
abrir
Nucleihigh
Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable
18RISCO
abrir
Nucleimedium
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
30RISCO
abrir
Nucleicritical
Acmailer - Improper Access Control to OS Command Injection
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows
18RISCO
abrir
Nucleimedium
WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject
18RISCO
abrir
Nucleicritical
MovableType - Remote Command Injection
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RISCO
abrir
Nucleimedium
Adobe ColdFusion - Cross-Site Scripting
ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
40RISCO
abrir
Nucleihigh
Spring Boot Actuator Logview Directory Traversal
Directory Traversal
61RISCO
abrir
Nucleihigh
OneDev < 4.0.3 - User Access Token Leak
Pre-Auth Access token leak
48RISCO
abrir
Nucleihigh
MinIO Browser API - Server-Side Request Forgery
Server-Side Request Forgery in MinIO Browser API
41RISCO
abrir
Nucleicritical
Lucee Admin - Remote Code Execution
Remote Code Exploit in Lucee Admin
78RISCO
abrir
Nucleihigh
Adminer <4.7.9 - Server-Side Request Forgery
CVE-2021-21311HIGHsob ataque
SSRF in adminer
100RISCO
abrir
Nucleihigh
Node.JS System Information Library <5.3.1 - Remote Command Injection
CVE-2021-21315HIGHsob ataque
Command Injection Vulnerability
100RISCO
abrir
Nucleicritical
XStream < 1.4.16 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
50RISCO
abrir
Nucleicritical
Oracle WebLogic Server - Remote Code Execution
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Suppor
43RISCO
abrir
Nucleicritical
XStream <1.4.16 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
50RISCO
abrir
Nucleihigh
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
BuddyPress privilege escalation via REST API
61RISCO
abrir
Nucleimedium
Jellyfin <10.7.0 - Local File Inclusion
Unauthenticated Arbitrary File Access in Jellyfin
78RISCO
abrir
Nucleicritical
SCIMono <0.0.19 - Remote Code Execution
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availabi
41RISCO
abrir
Nucleimedium
ZTE MF971R - Referer authentication bypass
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use th
30RISCO
abrir
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (2
48RISCO
abrir
anteriorpágina 43 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.