Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleicritical
Microsoft Exchange Server SSRF Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir ↗Nucleimedium
Odoo <= 15.0 - Cross-Site Scripting
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote att
28RISCO
abrir ↗Nucleimedium
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated
18RISCO
abrir ↗Nucleicritical
Sercomm VD625 Smart Modems - CRLF Injection
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via
23RISCO
abrir ↗Nucleimedium
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
18RISCO
abrir ↗Nucleimedium
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
18RISCO
abrir ↗Nucleicritical
Doctor Appointment System 1.0 - SQL Injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL q
23RISCO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RISCO
abrir ↗Nucleimedium
Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read
18RISCO
abrir ↗Nucleihigh
Grafana Unauthenticated Snapshot Creation
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of
40RISCO
abrir ↗Nucleimedium
FUDForum 3.1.0 - Cross-Site Scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RISCO
abrir ↗Nucleimedium
FUDForum 3.1.0 - Cross-Site Scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RISCO
abrir ↗Nucleicritical
YeaLink DM 3.6.0.20 - Remote Command Injection
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI,
95RISCO
abrir ↗Nucleicritical
Pega Infinity - Authentication Bypass
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to byp
75RISCO
abrir ↗Nucleicritical
Appspace 6.2.4 - Server-Side Request Forgery
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
30RISCO
abrir ↗Nucleicritical
Apache Tapestry - Remote Code Execution
Bypass of the fix for CVE-2019-0195
60RISCO
abrir ↗Nucleicritical
FatPipe WARP/IPVPN/MPVPN - Backdoor Account
FatPipe software administrative account with no password
43RISCO
abrir ↗Nucleimedium
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
Missing authorization vulnerability in FatPipe software
28RISCO
abrir ↗Nucleicritical
Apache Solr <=8.8.1 - Server-Side Request Forgery
SSRF vulnerability with the Replication handler
40RISCO
abrir ↗Nucleimedium
Mautic <3.3.4 - Cross-Site Scripting
XSS vulnerability on password reset page
28RISCO
abrir ↗Nucleicritical
LumisXP <10.0.0 - Blind XML External Entity Attack
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControl
23RISCO
abrir ↗Nucleicritical
SonLogger - Arbitrary File Upload
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Con
50RISCO
abrir ↗Nucleimedium
Hongdian H8922 3.0.5 Devices - Local File Inclusion
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user
23RISCO
abrir ↗Nucleimedium
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and oth
18RISCO
abrir ↗Nucleihigh
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) f
23RISCO
abrir ↗Nucleimedium
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RISCO
abrir ↗Nucleimedium
Eclipse Jetty ConcatServlet - Information Disclosure
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doub
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.