Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleicritical
Microsoft Exchange Server SSRF Vulnerability
CVE-2021-26855CRITICALsob ataqueransomware
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Nucleimedium
Odoo <= 15.0 - Cross-Site Scripting
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote att
28RISCO
abrir
Nucleimedium
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated
18RISCO
abrir
Nucleicritical
Sercomm VD625 Smart Modems - CRLF Injection
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via
23RISCO
abrir
Nucleimedium
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
18RISCO
abrir
Nucleimedium
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
18RISCO
abrir
Nucleicritical
Doctor Appointment System 1.0 - SQL Injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL q
23RISCO
abrir
Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir
Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir
Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir
Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir
Nucleimedium
Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read
18RISCO
abrir
Nucleihigh
Grafana Unauthenticated Snapshot Creation
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of
40RISCO
abrir
Nucleimedium
FUDForum 3.1.0 - Cross-Site Scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RISCO
abrir
Nucleimedium
FUDForum 3.1.0 - Cross-Site Scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RISCO
abrir
Nucleicritical
YeaLink DM 3.6.0.20 - Remote Command Injection
CVE-2021-27561CRITICALsob ataque
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI,
95RISCO
abrir
Nucleicritical
Pega Infinity - Authentication Bypass
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to byp
75RISCO
abrir
Nucleicritical
Appspace 6.2.4 - Server-Side Request Forgery
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
30RISCO
abrir
Nucleicritical
Apache Tapestry - Remote Code Execution
Bypass of the fix for CVE-2019-0195
60RISCO
abrir
Nucleicritical
FatPipe WARP/IPVPN/MPVPN - Backdoor Account
FatPipe software administrative account with no password
43RISCO
abrir
Nucleimedium
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
Missing authorization vulnerability in FatPipe software
28RISCO
abrir
Nucleicritical
Apache Solr <=8.8.1 - Server-Side Request Forgery
SSRF vulnerability with the Replication handler
40RISCO
abrir
Nucleimedium
Mautic <3.3.4 - Cross-Site Scripting
XSS vulnerability on password reset page
28RISCO
abrir
Nucleicritical
LumisXP <10.0.0 - Blind XML External Entity Attack
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControl
23RISCO
abrir
Nucleicritical
SonLogger - Arbitrary File Upload
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Con
50RISCO
abrir
Nucleimedium
Hongdian H8922 3.0.5 Devices - Local File Inclusion
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user
23RISCO
abrir
Nucleimedium
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and oth
18RISCO
abrir
Nucleihigh
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) f
23RISCO
abrir
Nucleimedium
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RISCO
abrir
Nucleimedium
Eclipse Jetty ConcatServlet - Information Disclosure
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doub
50RISCO
abrir
anteriorpágina 50 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.