Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleihigh
Nodejs Squirrelly - Remote Code Execution
Remote code execution in squirrelly
68RISCO
abrir ↗Nucleihigh
Express-handlebars - Local File Inclusion
File disclosure in Express Handlebars
23RISCO
abrir ↗Nucleicritical
Erxes <0.23.0 - Cross-Site Scripting
Erxes vulnerable to Cross-site Scripting
28RISCO
abrir ↗Nucleicritical
Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the
30RISCO
abrir ↗Nucleimedium
emlog 5.3.1 Path Disclosure
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webr
23RISCO
abrir ↗Nucleihigh
Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
23RISCO
abrir ↗Nucleicritical
Dahua IPC/VTH/VTO - Authentication Bypass
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISCO
abrir ↗Nucleicritical
Dahua IPC/VTH/VTO - Authentication Bypass
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISCO
abrir ↗Nucleicritical
CommScope Ruckus IoT Controller - Information Disclosure
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
30RISCO
abrir ↗Nucleicritical
RaspAP <=2.6.5 - Remote Command Injection
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the
23RISCO
abrir ↗Nucleihigh
Geutebruck - Remote Command Injection
UDP Technology/Geutebrück camera devices: command injection leading to RCE
58RISCO
abrir ↗Nucleihigh
Boa 0.94.13 - Information Disclosure
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, previe
43RISCO
abrir ↗Nucleicritical
Ruby Dragonfly <1.4.0 - Remote Code Execution
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write
60RISCO
abrir ↗Nucleicritical
SAP NetWeaver Development Infrastructure - Server Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Compo
75RISCO
abrir ↗Nucleimedium
Rstudio Shiny Server <1.5.16 - Local File Inclusion
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involvin
23RISCO
abrir ↗Nucleihigh
Microsoft Exchange - Authentication Bypass
Microsoft Exchange Server Information Disclosure Vulnerability
100RISCO
abrir ↗Nucleimedium
npm ansi_up v4 - Cross-Site Scripting
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTM
18RISCO
abrir ↗Nucleicritical
FortiLogger 4.4.2.2 - Arbitrary File Upload
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISCO
abrir ↗Nucleihigh
Cartadis Gespage 8.2.1 - Directory Traversal
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
23RISCO
abrir ↗Nucleimedium
Drupal 7 CKEditor XSS
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1
18RISCO
abrir ↗Nucleimedium
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an appl
18RISCO
abrir ↗Nucleimedium
Accela Civic Platform <=21.1 - Cross-Site Scripting
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The
43RISCO
abrir ↗Nucleicritical
Chamilo model.ajax.php - SQL Injection
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 p
23RISCO
abrir ↗Nucleimedium
Accela Civic Platform <=21.1 - Cross-Site Scripting
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are
38RISCO
abrir ↗Nucleicritical
Eclipse BIRT Viewer - Remote Code Execution
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessibl
50RISCO
abrir ↗Nucleimedium
Eclipse Jetty - Information Disclosure
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RISCO
abrir ↗Nucleicritical
Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir ↗Nucleicritical
WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
75RISCO
abrir ↗Nucleicritical
WordPress ProfilePress <= 3.1.3 - Privilege Escalation
ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation
43RISCO
abrir ↗Nucleicritical
WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload
ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
43RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.