Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Joomla! ChronoForums 2.0.11 - Local File Inclusion
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
18RISCO
abrir
Nucleicritical
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server Remote Code Execution Vulnerability
85RISCO
abrir
Nucleicritical
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server Remote Code Execution Vulnerability
55RISCO
abrir
Nucleicritical
QNAP HBS 3 - Broken Access Control
CVE-2021-28799CRITICALsob ataqueransomware
Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
95RISCO
abrir
Nucleicritical
Netmask NPM Package - Server-Side Request Forgery
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attacke
23RISCO
abrir
Nucleihigh
Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) conta
18RISCO
abrir
Nucleimedium
rConfig 3.9.6 - Local File Inclusion
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any
18RISCO
abrir
Nucleihigh
LDAP Injection In OpenAM
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacke
60RISCO
abrir
Nucleicritical
Apache OFBiz < 17.12.07 - Arbitrary Code Execution
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
30RISCO
abrir
Nucleicritical
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infr
30RISCO
abrir
Nucleicritical
Nacos <1.4.1 - Authentication Bypass
Authentication bypass
78RISCO
abrir
Nucleihigh
Nacos <1.4.1 - Authentication Bypass
Authentication bypass
68RISCO
abrir
Nucleimedium
Ghost CMS <=4.32 - Cross-Site Scripting
DOM XSS in Theme Preview
28RISCO
abrir
Nucleimedium
Jellyfin 10.7.2 - Server Side Request Forgery
Unauthenticated GET requests through Remote Image endpoints
40RISCO
abrir
Nucleihigh
XStream <1.4.17 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
58RISCO
abrir
Nucleimedium
Prometheus - Open Redirect
Arbitrary redirects under /new endpoint
33RISCO
abrir
Nucleimedium
Adminer <=4.8.0 - Cross-Site Scripting
XSS in doc_link
36RISCO
abrir
Nucleimedium
Seo Panel 4.8.0 - Cross-Site Scripting
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
18RISCO
abrir
Nucleimedium
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
18RISCO
abrir
Nucleicritical
Laminas Project laminas-http - Remote Code Execution
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead
60RISCO
abrir
Nucleicritical
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
CVE-2021-30116CRITICALsob ataqueransomware
Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
95RISCO
abrir
Nucleicritical
Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution
Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
55RISCO
abrir
Nucleicritical
Apache OFBiz <17.12.07 - Arbitrary Code Execution
Unsafe deserialization in Apache OFBiz
60RISCO
abrir
Nucleimedium
Php-mod/curl Library <2.3.2 - Cross-Site Scripting
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key paramet
28RISCO
abrir
Nucleimedium
Sidekiq <=6.2.0 - Cross-Site Scripting
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explore
18RISCO
abrir
Nucleihigh
Intelbras WIN 300/WRN 342 - Credentials Disclosure
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover creden
30RISCO
abrir
Nucleicritical
ZEROF Web Server 1.0 - SQL Injection
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
18RISCO
abrir
Nucleicritical
IPeakCMS 3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the
43RISCO
abrir
Nucleihigh
ffay lanproxy Directory Traversal
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection t
23RISCO
abrir
Nucleihigh
Dzzoffice 2.02.1 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers
18RISCO
abrir
anteriorpágina 51 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.