Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleimedium
XWiki - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
43RISCO
abrir
Nucleimedium
XWiki >= 3.4-milestone-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
43RISCO
abrir
Nucleimedium
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
43RISCO
abrir
Nucleimedium
XWiki >= 6.2-milestone-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
43RISCO
abrir
Nucleimedium
XWiki < 14.10.5 - Cross-Site Scripting
XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template
43RISCO
abrir
Nucleicritical
Citrix NetScaler ADC and NetScaler Gateway - Remote Code Execution
CVE-2023-3519CRITICALsob ataqueransomware
Unauthenticated remote code execution
100RISCO
abrir
Nucleimedium
FOSSBilling < 0.5.3 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
28RISCO
abrir
Nucleicritical
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.
40RISCO
abrir
Nucleicritical
DedeCMS 5.7.109 - Server-Side Request Forgery
DedeCMS co_do.php server-side request forgery
28RISCO
abrir
Nucleicritical
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experi
60RISCO
abrir
Nucleihigh
NocoDB version <= 0.106.1 - Arbitrary File Read
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access
56RISCO
abrir
Nucleihigh
Lightdash version <= 0.510.3 Arbitrary File Read
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory trav
56RISCO
abrir
Nucleicritical
Cloudpanel 2 < 2.3.1 - Remote Code Execution
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
85RISCO
abrir
Nucleihigh
Intelbras Switch - Information Disclosure
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to downlo
50RISCO
abrir
Nucleihigh
QloApps 1.6.0 - SQL Injection
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_p
18RISCO
abrir
Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RISCO
abrir
Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RISCO
abrir
Nucleimedium
Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to exec
38RISCO
abrir
Nucleimedium
POS Codekop v2.0 - Cross Site Scripting
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RISCO
abrir
Nucleihigh
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to down
30RISCO
abrir
Nucleicritical
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini document file inclusion
78RISCO
abrir
Nucleimedium
Juniper Devices - Remote Code Execution
CVE-2023-36844MEDIUMsob ataque
Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables
100RISCO
abrir
Nucleicritical
Juniper J-Web - Remote Code Execution
CVE-2023-36845CRITICALsob ataque
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RISCO
abrir
Nucleicritical
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.
40RISCO
abrir
Nucleicritical
Honeywell PM43 Printers - Command Injection
Printer web page invalid command execution
75RISCO
abrir
Nucleicritical
OPNsense - Cross-Site Scripting to RCE
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 al
18RISCO
abrir
Nucleihigh
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RISCO
abrir
Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Fun
18RISCO
abrir
Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Fun
18RISCO
abrir
Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPa
18RISCO
abrir
anteriorpágina 61 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.