Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleimedium
WP Finance Plugin <= 1.3.6 - Cross-Site Scripting
WP Finance <= 1.3.6 - Reflected XSS
28RISCO
abrir
Nucleimedium
WordPress Email Newsletter - Reflected XSS
WP Email Newsletter <= 1.1 - Reflected XSS
28RISCO
abrir
Nucleimedium
Widget4Call WordPress - Cross-Site Scripting
Widget4call <= 1.0.7 - Reflected XSS
28RISCO
abrir
Nucleimedium
WP MediaTagger <= 4.1.1 - Cross-Site Scripting
WP MediaTagger <= 4.1.1 - Reflected XSS
28RISCO
abrir
Nucleimedium
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS
28RISCO
abrir
Nucleimedium
WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
Download Manager < 3.3.07 - Unauthenticated Data Exposure
28RISCO
abrir
Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
CVE-2024-13159CRITICALsob ataque
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISCO
abrir
Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
CVE-2024-13160CRITICALsob ataque
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISCO
abrir
Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
CVE-2024-13161CRITICALsob ataque
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISCO
abrir
Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RISCO
abrir
Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RISCO
abrir
Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RISCO
abrir
Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RISCO
abrir
Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RISCO
abrir
Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RISCO
abrir
Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RISCO
abrir
Nucleihigh
Adobe ColdFusion - Arbitrary File Read
CVE-2024-20767HIGHsob ataque
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir
Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RISCO
abrir
Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RISCO
abrir
Nucleihigh
MobSF - Path Traversal
Arbitrary file write on Decoding
36RISCO
abrir
Nucleimedium
Flarum < 1.8.5 - Open Redirect
Flarum's Logout Route allows open redirects
28RISCO
abrir
Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RISCO
abrir
Nucleimedium
pyload - Log Injection
pyLoad Log Injection
33RISCO
abrir
Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RISCO
abrir
Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISCO
abrir
Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
CVE-2024-21887CRITICALsob ataqueransomware
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir
Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
CVE-2024-21893HIGHsob ataqueransomware
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISCO
abrir
Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RISCO
abrir
Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RISCO
abrir
Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RISCO
abrir
anteriorpágina 69 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.