Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleihigh
Apache HugeGraph-Server - Remote Command Execution
CVE-2024-27348CRITICALsob ataque
Apache HugeGraph-Server: Command execution in gremlin
100RISCO
abrir
Nucleimedium
Zimbra Collaboration - Cross-Site Scripting (XSS)
CVE-2024-27443MEDIUMsob ataque
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in
63RISCO
abrir
Nucleihigh
Linksys E2000 1.0.06 position.js Improper Authentication
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.
41RISCO
abrir
Nucleihigh
ChatGPT个人专用版 - Server Side Request Forgery
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references sec
60RISCO
abrir
Nucleicritical
Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation
63RISCO
abrir
Nucleihigh
Smart s200 Management Platform v.S200 - SQL Injection
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain s
36RISCO
abrir
Nucleihigh
WordPress FluentForms <= 5.1.16 - Broken Access Control
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation
56RISCO
abrir
Nucleicritical
WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability
85RISCO
abrir
Nucleicritical
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
85RISCO
abrir
Nucleicritical
WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
75RISCO
abrir
Nucleicritical
N-able N-central < 2024.2 - Authentication Bypass Detection
N-central Authentication Bypass
43RISCO
abrir
Nucleicritical
OpenMetaData - SpEL Injection in PUT /api/v1/policies
SpEL Injection in `PUT /api/v1/policies` in OpenMetadata
48RISCO
abrir
Nucleicritical
OpenMetadata - Authentication Bypass
Authentication Bypass in OpenMetadata
85RISCO
abrir
Nucleimedium
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir
Nucleihigh
LG LED Assistant - Unauthenticated Password Reset
Password reset vulnerability without authorization on LG LED Assistant
55RISCO
abrir
Nucleimedium
RiteCMS 3.0.0 - Cross-site Scripting
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_sec
48RISCO
abrir
Nucleihigh
LG LED Assistant - Thumbnail Path Traversal File Upload
Path traversal via file upload on LG LED Assistant
40RISCO
abrir
Nucleimedium
Coda v.2024Q1 - Cross-Site Scripting
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary
28RISCO
abrir
Nucleihigh
Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read
Apache CXF SSRF Vulnerability using the Aegis databinding
63RISCO
abrir
Nucleicritical
Wordpress Email Subscribers by Icegram Express - SQL Injection
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection
85RISCO
abrir
Nucleihigh
WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.1
68RISCO
abrir
Nucleicritical
SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization
CVE-2024-28986CRITICALsob ataque
SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
95RISCO
abrir
Nucleicritical
SolarWinds Web Help Desk - Hardcoded Credential
CVE-2024-28987CRITICALsob ataque
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
100RISCO
abrir
Nucleihigh
SolarWinds Serv-U - Directory Traversal
CVE-2024-28995HIGHsob ataque
SolarWinds Serv-U L Directory Transversal Vulnerability
100RISCO
abrir
Nucleimedium
Memos 0.13.2 - Server-Side Request Forgery
memos vulnerable to an SSRF in /o/get/httpmeta
28RISCO
abrir
Nucleimedium
Memos 0.13.2 - Cross-Site Scripting & SSRF
memos vulnerable to an SSRF in /o/get/image
28RISCO
abrir
Nucleimedium
Memos 0.13.2 - Server-Side Request Forgery
memos vulnerable to an SSRF in /api/resource
28RISCO
abrir
Nucleihigh
.NET Framework - Leaking ObjRefs via HTTP .NET Remoting
CVE-2024-29059HIGHsob ataque
.NET Framework Information Disclosure Vulnerability
100RISCO
abrir
Nucleihigh
WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability
36RISCO
abrir
Nucleimedium
WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability
36RISCO
abrir
anteriorpágina 70 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.