Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleicritical
FOG Project < 1.5.10.34 - Remote Command Execution
FOG has a command injection in /fog/management/export.php?filename=
68RISCO
abrir ↗Nucleihigh
Bazarr < 1.4.3 - Arbitrary File Read
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory
36RISCO
abrir ↗Nucleicritical
CrushFTP VFS - Sandbox Escape LFR
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISCO
abrir ↗Nucleicritical
Devika v1 - Path Traversal
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path tr
68RISCO
abrir ↗Nucleicritical
Veeam Backup & Replication - Unauthenticated
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code exec
100RISCO
abrir ↗Nucleicritical
Apache CloudStack - SAML Signature Exclusion
Apache CloudStack: SAML Signature Exclusion
41RISCO
abrir ↗Nucleihigh
Cluster Control CMON API - Directory Traversal
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and
36RISCO
abrir ↗Nucleihigh
OpenAM<=15.0.3 FreeMarker - Template Injection
OpenAM FreeMarker template injection
36RISCO
abrir ↗Nucleihigh
Mitel MiCollab - Authentication Bypass
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could
100RISCO
abrir ↗Nucleimedium
The Events Calendar < 6.4.0.1 - Cross-site Scripting
The Events Calendar < 6.4.0.1 - Reflected XSS
63RISCO
abrir ↗Nucleimedium
Open Redirect in Login Redirect - MobSF
Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect
28RISCO
abrir ↗Nucleicritical
Roundcube Webmail - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir ↗Nucleimedium
BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection
BlueNet Technology Clinical Browsing System deleteStudy.php sql injection
33RISCO
abrir ↗Nucleicritical
Angular-Base64-Upload - Remote Code Execution
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Explo
75RISCO
abrir ↗Nucleimedium
AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary cod
28RISCO
abrir ↗Nucleihigh
Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE
A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti befor
56RISCO
abrir ↗Nucleicritical
DATAGERRY - REST API Auth Bypass
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
63RISCO
abrir ↗Nucleihigh
Sitecore Experience Platform <= 10.4 - Arbitrary File Read
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0
48RISCO
abrir ↗Nucleicritical
Camaleon CMS < 2.8.1 Arbitrary File Write to RCE
Arbitrary file write leading to RCE in Camaleon CMS
75RISCO
abrir ↗Nucleicritical
Navidrome < 0.53.0 - Authenticated SQL Injection
Multiple SQL Injections and ORM Leak in navidrome
63RISCO
abrir ↗Nucleicritical
DataEase v2.10.2 - JWT Signature Verification Bypass
Dataease arbitrary interface access vulnerability
43RISCO
abrir ↗Nucleimedium
Templately <= 3.1.2 - Broken Access Control
WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability
28RISCO
abrir ↗Nucleihigh
LiteSpeed Cache <= 6.5.0.2 - Stored XSS
WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability
36RISCO
abrir ↗Nucleicritical
Cobbler 'XML-RPC' - Authentication Bypass
Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes
63RISCO
abrir ↗Nucleihigh
NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /
100RISCO
abrir ↗Nucleihigh
Cloudlog - SQL Injection
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.
36RISCO
abrir ↗Nucleicritical
JeecgBoot v3.7.1 - SQL Injection
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalD
75RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.