Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RISCO
abrir
Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RISCO
abrir
Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RISCO
abrir
Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RISCO
abrir
Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RISCO
abrir
Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RISCO
abrir
Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RISCO
abrir
Nucleihigh
Adobe ColdFusion - Arbitrary File Read
CVE-2024-20767HIGHsob ataque
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir
Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RISCO
abrir
Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RISCO
abrir
Nucleihigh
MobSF - Path Traversal
Arbitrary file write on Decoding
36RISCO
abrir
Nucleimedium
Flarum < 1.8.5 - Open Redirect
Flarum's Logout Route allows open redirects
28RISCO
abrir
Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RISCO
abrir
Nucleimedium
pyload - Log Injection
pyLoad Log Injection
33RISCO
abrir
Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RISCO
abrir
Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISCO
abrir
Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
CVE-2024-21887CRITICALsob ataqueransomware
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir
Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
CVE-2024-21893HIGHsob ataqueransomware
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISCO
abrir
Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RISCO
abrir
Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RISCO
abrir
Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RISCO
abrir
Nucleihigh
IBM Operational Decision Manager - Java Deserialization
IBM Operational Decision Manager code execution
65RISCO
abrir
Nucleicritical
Intel Neural Compressor <2.5.0 - SQL Injection
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated
55RISCO
abrir
Nucleicritical
Netis MW5360 V1.0.1.3031 - Command Injection
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RISCO
abrir
Nucleimedium
eyoucms v.1.6.5 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitr
28RISCO
abrir
Nucleimedium
Plone Docker - Host Header Injection
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper
28RISCO
abrir
Nucleimedium
NS-ASG Application Security Gateway 6.3 - Sql Injection
Netentsec NS-ASG Application Security Gateway index.php sql injection
33RISCO
abrir
Nucleihigh
aiohttp - Directory Traversal
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
70RISCO
abrir
Nucleimedium
Avada < 7.11.7 - Information Disclosure
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
33RISCO
abrir
Nucleicritical
Rejetto HTTP File Server - Template injection
CVE-2024-23692CRITICALsob ataque
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISCO
abrir
anteriorpágina 68 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.