Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleicritical
WordPress My Calendar <3.4.22 - SQL Injection
The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in th
48RISCO
abrir
Nucleimedium
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site Scripting in Alkacon Software OpenCms
28RISCO
abrir
Nucleimedium
OpenCms 14 & 15 - Open Redirect
Open Redirect in Alkacon Software OpenCms
28RISCO
abrir
Nucleimedium
WordPress Toolbar <= 2.2.6 - Open Redirect
WordPress Toolbar <= 2.2.6 - Open Redirect
33RISCO
abrir
Nucleimedium
WordPress Download Manager - File Password Exposure
Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak
36RISCO
abrir
Nucleihigh
SolarWinds Security Event Manager - Unauthenticated RCE
SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
78RISCO
abrir
Nucleicritical
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
43RISCO
abrir
Nucleihigh
Monitorr Services Configuration - Arbitrary File Upload
15RISCO
abrir
Nucleicritical
Arcserve Unified Data Protection - Authentication Bypass
Authentication Bypass via wizardLogin in Arcserve Unified Data Protection
43RISCO
abrir
Nucleihigh
Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
Unauthenticated DoS in Arcserve Unified Data Protection
48RISCO
abrir
Nucleimedium
Combo Blocks < 2.2.76 - Improper Access Control
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
33RISCO
abrir
Nucleicritical
Smart S210 Management Platform - Arbitary File Upload
Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload
40RISCO
abrir
Nucleimedium
Issabel Authenticated - Remote Code Execution
Issabel PBX Asterisk-Cli os command injection
40RISCO
abrir
Nucleicritical
CodeChecker <= 6.24.1 - Authentication Bypass
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
55RISCO
abrir
Nucleimedium
Simple File List < 6.1.13 - Reflected Cross-Site Scripting
Simple File List < 6.1.13 - Reflected Cross-Site Scripting
28RISCO
abrir
Nucleihigh
Simple Certain Time to Show Content - Cross-Site Scripting
Simple Certain Time to Show Content < 1.3.1 - Reflected XSS
36RISCO
abrir
Nucleicritical
Rebuild <= 3.5.5 - Server-Side Request Forgery
Rebuild HTTP Request readRawText server-side request forgery
40RISCO
abrir
Nucleihigh
Tutor LMS <= 2.7.6 - SQL Injection
Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter
78RISCO
abrir
Nucleimedium
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
28RISCO
abrir
Nucleihigh
Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
36RISCO
abrir
Nucleicritical
Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source
63RISCO
abrir
Nucleicritical
WordPress HTML5 Video Player - SQL Injection
The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerabilit
41RISCO
abrir
Nucleimedium
System Dashboard < 2.8.15 - Admin+ Path Traversal
System Dashboard < 2.8.15 - Admin+ Path Traversal
28RISCO
abrir
Nucleicritical
WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi
85RISCO
abrir
Nucleicritical
WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion
Campress <= 1.35 - Unauthenticated Local File Inclusion
43RISCO
abrir
Nucleihigh
WordPress Plugin MainWP Child - Authentication Bypass
MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation
36RISCO
abrir
Nucleimedium
GPT Academic v1.3.9 - Open Redirect
Open Redirect in binary-husky/gpt_academic
28RISCO
abrir
Nucleimedium
FastChat - Open Redirect
Open Redirect in lm-sys/fastchat
28RISCO
abrir
Nucleicritical
D-Link NAS - Command Injection via Name Parameter
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RISCO
abrir
Nucleicritical
D-Link NAS - Command Injection via Group Parameter
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RISCO
abrir
anteriorpágina 59 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.