Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleimedium
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwor
18RISCO
abrir ↗Nucleimedium
SuperWebMailer - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.
18RISCO
abrir ↗Nucleicritical
Adobe ColdFusion - Deserialization of Untrusted Data
Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE
95RISCO
abrir ↗Nucleihigh
Adobe ColdFusion - Access Control Bypass
ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298
88RISCO
abrir ↗Nucleicritical
Dahua Smart Park Management - Arbitrary File Upload
Dahua Smart Park Management unrestricted upload
70RISCO
abrir ↗Nucleimedium
mooDating 1.2 - Cross-site scripting
mooSocial mooDating URL question cross site scripting
43RISCO
abrir ↗Nucleihigh
Fujitsu IP Series - Hardcoded Credentials
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticat
18RISCO
abrir ↗Nucleimedium
MooDating 1.2 - Cross-Site Scripting
mooSocial mooDating URL friends cross site scripting
43RISCO
abrir ↗Nucleimedium
MooDating 1.2 - Cross-Site Scripting
mooSocial mooDating URL ajax_invite cross site scripting
43RISCO
abrir ↗Nucleimedium
MooDating 1.2 - Cross-Site Scripting
mooSocial mooDating URL pages cross site scripting
43RISCO
abrir ↗Nucleimedium
MooDating 1.2 - Cross-Site scripting
mooSocial mooDating URL users cross site scripting
43RISCO
abrir ↗Nucleimedium
MooDating 1.2 - Cross-site scripting
mooSocial mooDating URL view cross site scripting
43RISCO
abrir ↗Nucleimedium
mooDating 1.2 - Cross-site scripting
mooSocial mooDating URL find-a-match cross site scripting
43RISCO
abrir ↗Nucleimedium
CopyParty v1.8.6 - Cross Site Scripting
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RISCO
abrir ↗Nucleicritical
Metabase < 0.46.6.1 - Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISCO
abrir ↗Nucleimedium
PHP Login System 2.0.1 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to ex
18RISCO
abrir ↗Nucleihigh
openSIS v9.0 - Path Traversal
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a direc
18RISCO
abrir ↗Nucleihigh
ZKTeco BioTime v8.5.5 - Path Traversal
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbit
100RISCO
abrir ↗Nucleihigh
ZKTeco BioTime <= 9.0.1 - Privilege Escalation
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due
36RISCO
abrir ↗Nucleimedium
Academy LMS 6.0 - Cross-Site Scripting
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
18RISCO
abrir ↗Nucleicritical
Jeecg-Boot v3.5.1 - SQL Injection
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeD
40RISCO
abrir ↗Nucleimedium
OPNsense - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition
18RISCO
abrir ↗Nucleicritical
OPNsense - Cross-Site Scripting to RCE
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 al
18RISCO
abrir ↗Nucleihigh
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RISCO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Fun
18RISCO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Fun
18RISCO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPa
18RISCO
abrir ↗Nucleihigh
Emlog 2.1.9 - SQL Injection
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
18RISCO
abrir ↗Nucleihigh
Aria2 WebUI - Path traversal
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
18RISCO
abrir ↗Nucleicritical
PaperCut < 22.1.3 - Path Traversal
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete
85RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.