Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleimedium
WP Finance Plugin <= 1.3.6 - Cross-Site Scripting
WP Finance <= 1.3.6 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WordPress Email Newsletter - Reflected XSS
WP Email Newsletter <= 1.1 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
Widget4Call WordPress - Cross-Site Scripting
Widget4call <= 1.0.7 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WP MediaTagger <= 4.1.1 - Cross-Site Scripting
WP MediaTagger <= 4.1.1 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
Download Manager < 3.3.07 - Unauthenticated Data Exposure
28RISCO
abrir ↗Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISCO
abrir ↗Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISCO
abrir ↗Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISCO
abrir ↗Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RISCO
abrir ↗Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RISCO
abrir ↗Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RISCO
abrir ↗Nucleihigh
Adobe ColdFusion - Arbitrary File Read
ColdFusion | Improper Access Control (CWE-284)
100RISCO
abrir ↗Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RISCO
abrir ↗Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RISCO
abrir ↗Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RISCO
abrir ↗Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RISCO
abrir ↗Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RISCO
abrir ↗Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISCO
abrir ↗Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISCO
abrir ↗Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RISCO
abrir ↗Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RISCO
abrir ↗Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.