Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
WordPress GiveWP <2.17.3 - Cross-Site Scripting
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress Ocean Extra <1.9.5 - Cross-Site Scripting
Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress English Admin <1.5.2 - Open Redirect
English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
18RISCO
abrir
Nucleimedium
WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)
18RISCO
abrir
Nucleicritical
WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
40RISCO
abrir
Nucleimedium
Yoast SEO 16.7-17.2 - Information Disclosure
Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure
18RISCO
abrir
Nucleimedium
Easy Social Feed < 6.2.7 - Cross-Site Scripting
Easy Social Feed < 6.2.7 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
Aruba Instant Access Point (IAP) - Cross-Site Scripting
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in ve
43RISCO
abrir
Nucleicritical
SaltStack Salt <3002.5 - Auth Bypass
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel
40RISCO
abrir
Nucleihigh
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
CVE-2021-25296HIGHsob ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir
Nucleihigh
Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
CVE-2021-25297HIGHsob ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
98RISCO
abrir
Nucleihigh
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
CVE-2021-25298HIGHsob ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISCO
abrir
Nucleimedium
Nagios XI 5.7.5 - Cross-Site Scripting
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/na
40RISCO
abrir
Nucleihigh
Apache Druid - Remote Code Execution
Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
60RISCO
abrir
Nucleihigh
Hue Magic 3.0.0 - Local File Inclusion
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in fil
18RISCO
abrir
Nucleihigh
Void Aural Rec Monitor 9.0.0.1 - SQL Injection
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a craft
23RISCO
abrir
Nucleimedium
Atlassian Confluence < 5.8.6 - Server-Side Request Forgery
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers
30RISCO
abrir
Nucleicritical
Confluence Server - Remote Code Execution
CVE-2021-26084CRITICALsob ataqueransomware
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir
Nucleimedium
Atlassian Confluence Server - Local File Inclusion
CVE-2021-26085MEDIUMsob ataqueransomware
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authoriza
100RISCO
abrir
Nucleimedium
Atlassian Jira Limited - Local File Inclusion
CVE-2021-26086MEDIUMsob ataque
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path tr
100RISCO
abrir
Nucleimedium
Cacti - Cross-Site Scripting
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" t
18RISCO
abrir
Nucleihigh
AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal
23RISCO
abrir
Nucleicritical
Apache OFBiz <17.12.06 - Arbitrary Code Execution
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
60RISCO
abrir
Nucleimedium
EPrints 3.4.2 - Cross-Site Scripting
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
18RISCO
abrir
Nucleimedium
ImpressCMS <1.4.3 - Incorrect Authorization
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated atta
23RISCO
abrir
Nucleihigh
ImpressCMS < 1.4.3 - SQL Injection
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
43RISCO
abrir
Nucleimedium
EPrints 3.4.2 - Cross-Site Scripting
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
18RISCO
abrir
Nucleimedium
Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to
18RISCO
abrir
Nucleimedium
Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
23RISCO
abrir
Nucleimedium
Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This
40RISCO
abrir
anteriorpágina 49 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.