Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.163exploits catalogados
31.687CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleihigh
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and vi
36RISCO
abrir
Nucleicritical
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
CVE-2021-37415CRITICALsob ataque
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs w
95RISCO
abrir
Nucleimedium
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
18RISCO
abrir
Nucleicritical
PrestaShop SmartBlog <4.0.6 - SQL Injection
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthentica
40RISCO
abrir
Nucleimedium
Tiny Java Web Server - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS
18RISCO
abrir
Nucleicritical
Apache ShenYu Admin JWT - Authentication Bypass
Apache ShenYu Admin bypass JWT authentication
50RISCO
abrir
Nucleihigh
Virtua Software Cobranca <12R - Blind SQL Injection
Virtua Cobranca before 12R allows SQL Injection on the login page.
43RISCO
abrir
Nucleimedium
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
18RISCO
abrir
Nucleimedium
phpfastcache - phpinfo Resource Exposure
Exposed phpinfo() in PhpFastCache
28RISCO
abrir
Nucleimedium
Hotel Druid 3.0.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid applic
18RISCO
abrir
Nucleihigh
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary
23RISCO
abrir
Nucleihigh
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as report
30RISCO
abrir
Nucleihigh
Canon Devices - Authentication Bypass in Catwalk Server
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server
18RISCO
abrir
Nucleimedium
Nagios XI < 5.8.6 - Cross-Site Scripting
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a
40RISCO
abrir
Nucleimedium
Gnuboard 5 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5
36RISCO
abrir
Nucleimedium
WordPress Redux Framework <=4.2.11 - Information Disclosure
Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure
33RISCO
abrir
Nucleicritical
Apache Airflow - Unauthenticated Variable Import
Apache Airflow: Variable Import endpoint missed authentication check
40RISCO
abrir
Nucleicritical
Microsoft Open Management Infrastructure - Remote Code Execution
CVE-2021-38647CRITICALsob ataqueransomware
Open Management Infrastructure Remote Code Execution Vulnerability
100RISCO
abrir
Nucleimedium
Cyberoam NetGenie Cross-Site Scripting
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
18RISCO
abrir
Nucleimedium
ClinicCases 7.3.3 Cross-Site Scripting
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to in
18RISCO
abrir
Nucleimedium
ExponentCMS <= 2.6 - Host Header Injection
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can cha
18RISCO
abrir
Nucleihigh
XStream 1.4.18 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
41RISCO
abrir
Nucleihigh
XStream 1.4.18 - Remote Code Execution
CVE-2021-39144HIGHsob ataque
XStream is vulnerable to a Remote Command Execution attack
100RISCO
abrir
Nucleihigh
XStream 1.4.18 - Arbitrary Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
41RISCO
abrir
Nucleihigh
XStream <1.4.18 - Server-Side Request Forgery
A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling
41RISCO
abrir
Nucleimedium
Cachet <=2.3.18 - SQL Injection
Unauthenticated SQL Injection
36RISCO
abrir
Nucleimedium
GLPI 9.2/<9.5.6 - Information Disclosure
Disclosure of GLPI and server information in telemetry endpoint
28RISCO
abrir
Nucleihigh
Grafana Snapshot - Authentication Bypass
CVE-2021-39226CRITICALsob ataque
Snapshot authentication bypass in grafana
95RISCO
abrir
Nucleihigh
WordPress True Ranker <2.2.4 - Local File Inclusion
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RISCO
abrir
Nucleihigh
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Dislosure
68RISCO
abrir
anteriorpágina 55 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.