Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
Skysa App Bar 1.04 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly befor
38RISCO
abrir ↗Nucleimedium
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress
43RISCO
abrir ↗Nucleimedium
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.
43RISCO
abrir ↗Nucleimedium
Featurific For WordPress 1.6.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress
38RISCO
abrir ↗Nucleimedium
Apache Struts2 S2-008 RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RISCO
abrir ↗Nucleimedium
Apache Struts <2.3.1.1 - Remote Code Execution
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RISCO
abrir ↗Nucleimedium
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remo
43RISCO
abrir ↗Nucleimedium
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows r
38RISCO
abrir ↗Nucleimedium
phpShowtime 2.0 - Directory Traversal
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image fil
43RISCO
abrir ↗Nucleilow
OpenEMR 4.1 - Local File Inclusion
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files v
43RISCO
abrir ↗Nucleimedium
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary f
38RISCO
abrir ↗Nucleihigh
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting
36RISCO
abrir ↗Nucleihigh
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files
43RISCO
abrir ↗Nucleihigh
PHP CGI v5.3.12/5.4.2 Remote Code Execution
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISCO
abrir ↗Nucleimedium
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress al
38RISCO
abrir ↗Nucleimedium
WP-FaceThumb 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attacke
43RISCO
abrir ↗Nucleimedium
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISCO
abrir ↗Nucleimedium
WebsitePanel before v1.2.2.1 - Open Redirect
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users t
38RISCO
abrir ↗Nucleimedium
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to in
38RISCO
abrir ↗Nucleimedium
MySQLDumper 1.24.4 - Directory Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a
38RISCO
abrir ↗Nucleimedium
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for Wor
18RISCO
abrir ↗Nucleimedium
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
18RISCO
abrir ↗Nucleimedium
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attac
43RISCO
abrir ↗Nucleimedium
FlatnuX CMS - Directory Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to r
38RISCO
abrir ↗Nucleimedium
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inje
38RISCO
abrir ↗Nucleimedium
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RISCO
abrir ↗Nucleimedium
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to
38RISCO
abrir ↗Nucleimedium
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frame
43RISCO
abrir ↗Nucleimedium
WordPress Integrator 1.32 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allo
38RISCO
abrir ↗Nucleimedium
WordPress Plugin Age Verification v0.4 - Open Redirect
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows
43RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.