Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RISCO
abrir ↗Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RISCO
abrir ↗Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RISCO
abrir ↗Nucleihigh
Adobe ColdFusion - Arbitrary File Read
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir ↗Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RISCO
abrir ↗Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RISCO
abrir ↗Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RISCO
abrir ↗Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RISCO
abrir ↗Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISCO
abrir ↗Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir ↗Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISCO
abrir ↗Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RISCO
abrir ↗Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RISCO
abrir ↗Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RISCO
abrir ↗Nucleihigh
IBM Operational Decision Manager - Java Deserialization
IBM Operational Decision Manager code execution
65RISCO
abrir ↗Nucleicritical
Intel Neural Compressor <2.5.0 - SQL Injection
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated
55RISCO
abrir ↗Nucleicritical
Netis MW5360 V1.0.1.3031 - Command Injection
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RISCO
abrir ↗Nucleimedium
eyoucms v.1.6.5 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitr
28RISCO
abrir ↗Nucleimedium
Plone Docker - Host Header Injection
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper
28RISCO
abrir ↗Nucleimedium
NS-ASG Application Security Gateway 6.3 - Sql Injection
Netentsec NS-ASG Application Security Gateway index.php sql injection
33RISCO
abrir ↗Nucleihigh
aiohttp - Directory Traversal
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
70RISCO
abrir ↗Nucleimedium
Avada < 7.11.7 - Information Disclosure
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
33RISCO
abrir ↗Nucleicritical
Rejetto HTTP File Server - Template injection
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.