Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleicritical
Cloudpanel 2 < 2.3.1 - Remote Code Execution
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
85RISCO
abrir ↗Nucleihigh
Intelbras Switch - Information Disclosure
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to downlo
50RISCO
abrir ↗Nucleihigh
QloApps 1.6.0 - SQL Injection
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_p
18RISCO
abrir ↗Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RISCO
abrir ↗Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RISCO
abrir ↗Nucleimedium
Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to exec
38RISCO
abrir ↗Nucleimedium
POS Codekop v2.0 - Cross Site Scripting
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RISCO
abrir ↗Nucleihigh
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to down
30RISCO
abrir ↗Nucleicritical
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini document file inclusion
78RISCO
abrir ↗Nucleimedium
Juniper Devices - Remote Code Execution
Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables
100RISCO
abrir ↗Nucleicritical
Juniper J-Web - Remote Code Execution
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RISCO
abrir ↗Nucleicritical
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.
40RISCO
abrir ↗Nucleicritical
Honeywell PM43 Printers - Command Injection
Printer web page invalid command execution
75RISCO
abrir ↗Nucleicritical
OPNsense - Cross-Site Scripting to RCE
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 al
18RISCO
abrir ↗Nucleihigh
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RISCO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Fun
18RISCO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Fun
18RISCO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPa
18RISCO
abrir ↗Nucleihigh
Emlog 2.1.9 - SQL Injection
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
18RISCO
abrir ↗Nucleihigh
Aria2 WebUI - Path traversal
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
18RISCO
abrir ↗Nucleicritical
PaperCut < 22.1.3 - Path Traversal
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete
85RISCO
abrir ↗Nucleimedium
Blog2Social < 7.2.1 - Cross-Site Scripting
Blog2Social < 7.2.1 - Reflected XSS
28RISCO
abrir ↗Nucleicritical
Cacti 1.2.24 - SQL Injection
Unauthenticated SQL Injection in graph_view.php in Cacti
85RISCO
abrir ↗Nucleicritical
ECTouch v2 - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\inse
18RISCO
abrir ↗Nucleimedium
IceWarp Email Client - Cross Site Scripting
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitra
18RISCO
abrir ↗Nucleimedium
IceWarp 11.4.6.0 - Cross-Site Scripting
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
18RISCO
abrir ↗Nucleicritical
PrestaShop Theme Volty CMS Blog - SQL Injection
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter a
18RISCO
abrir ↗Nucleimedium
PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerabi
18RISCO
abrir ↗Nucleihigh
PrestaShop MyPrestaModules - PhpInfo Disclosure
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInf
30RISCO
abrir ↗Nucleimedium
IceWarp Mail Server v10.4.5 - Cross-Site Scripting
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color
18RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.