Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.1
48RISCO
abrir ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
55RISCO
abrir ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RISCO
abrir ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RISCO
abrir ↗Nucleicritical
Advantech R-SeeNet 2.4.12 - OS Command Injection
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.
55RISCO
abrir ↗Nucleimedium
D-Link DIR-3040 1.13B03 - Information Disclosure
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially craft
40RISCO
abrir ↗Nucleicritical
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix Prem
55RISCO
abrir ↗Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISCO
abrir ↗Nucleimedium
VMware vSphere - Server-Side Request Forgery
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of UR
100RISCO
abrir ↗Nucleihigh
vRealize Operations Manager API - Server-Side Request Forgery
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RISCO
abrir ↗Nucleicritical
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RISCO
abrir ↗Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
100RISCO
abrir ↗Nucleicritical
VMware vCenter Server - Arbitrary File Upload
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RISCO
abrir ↗Nucleimedium
vCenter Server - Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A mali
70RISCO
abrir ↗Nucleihigh
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to exe
23RISCO
abrir ↗Nucleihigh
VMWare Workspace ONE UEM - Server-Side Request Forgery
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and
100RISCO
abrir ↗Nucleimedium
FortiWeb - Cross Site Scripting
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version
23RISCO
abrir ↗Nucleimedium
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISCO
abrir ↗Nucleihigh
GitLab CI Lint API - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af
70RISCO
abrir ↗Nucleicritical
GitLab CE/EE - Remote Code Execution
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISCO
abrir ↗Nucleihigh
Gitlab CE/EE 10.5 - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE
53RISCO
abrir ↗Nucleicritical
Micro Focus Operations Bridge Reporter - Remote Code Execution
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISCO
abrir ↗Nucleicritical
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to
30RISCO
abrir ↗Nucleimedium
Revive Adserver <5.1.0 - Open Redirect
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg
50RISCO
abrir ↗Nucleimedium
Ruby on Rails - Open Redirect via Host Header Injection
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Sp
40RISCO
abrir ↗Nucleicritical
Rocket.Chat <=3.13 - NoSQL Injection
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir ↗Nucleicritical
F5 iControl REST - Remote Command Execution
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RISCO
abrir ↗Nucleimedium
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.