Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.292exploits catalogados
31.741CVEs com exploração pública
0testados em laboratório
4.191 exploits
Nucleihigh
Mlflow < 2.9.2 - Path Traversal
Path Traversal Vulnerability in mlflow/mlflow
36RISCO
abrir
Nucleicritical
MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection
85RISCO
abrir
Nucleihigh
Gradio 4.3-4.12 - Local File Read
Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
56RISCO
abrir
Nucleicritical
NotificationX <= 2.8.2 - SQL Injection
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RISCO
abrir
Nucleicritical
ConnectWise ScreenConnect 23.9.7 - Authentication Bypass
CVE-2024-1709CRITICALsob ataqueransomware
Authentication bypass using an alternate path or channel
100RISCO
abrir
Nucleihigh
Gradio > 4.19.1 UploadButton - Path Traversal
Local File Inclusion in gradio-app/gradio
58RISCO
abrir
Nucleihigh
Tutor LMS <= 2.1.10 - SQL Injection
Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
36RISCO
abrir
Nucleimedium
Cisco Finesse - Server-Side Request Forgery (SSRF)
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
61RISCO
abrir
Nucleicritical
Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RISCO
abrir
Nucleicritical
Hardcoded Admin Credentials For Cisco Smart Licensing Utility API
CVE-2024-20439CRITICALsob ataque
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an a
95RISCO
abrir
Nucleicritical
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISCO
abrir
Nucleimedium
Liferay Portal - Open Redirect
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 be
28RISCO
abrir
Nucleicritical
ZenML ZenML Server - Improper Authentication
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because t
58RISCO
abrir
Nucleihigh
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RISCO
abrir
Nucleihigh
Linksys RE7000 - Command Injection
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter
41RISCO
abrir
Nucleimedium
Fujian Kelixin Communication - Command Injection
Fujian Kelixin Communication Command and Dispatch Platform pwd_update.php sql injection
28RISCO
abrir
Nucleihigh
Avid NEXIS Agent - Arbitrary File Read
Authenticated Arbitrary File Read affecting Avid NEXIS
36RISCO
abrir
Nucleihigh
ReCrystallize Server - Authentication Bypass
ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind
48RISCO
abrir
Nucleicritical
InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
63RISCO
abrir
Nucleihigh
SOPlanning - Remote Code Execution
Remote Code Execution through File Upload in SOPlanning before 1.52.02
43RISCO
abrir
Nucleicritical
TeamCity < 2023.11.4 - Authentication Bypass
CVE-2024-27198CRITICALsob ataqueransomware
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
Nucleihigh
TeamCity < 2023.11.4 - Authentication Bypass
CVE-2024-27199HIGHsob ataqueransomware
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
100RISCO
abrir
Nucleihigh
Docassemble - Local File Inclusion
Docassemble unauthorized access through URL manipulation
68RISCO
abrir
Nucleihigh
Apache HugeGraph-Server - Remote Command Execution
CVE-2024-27348CRITICALsob ataque
Apache HugeGraph-Server: Command execution in gremlin
100RISCO
abrir
Nucleimedium
Zimbra Collaboration - Cross-Site Scripting (XSS)
CVE-2024-27443MEDIUMsob ataque
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in
63RISCO
abrir
Nucleihigh
Linksys E2000 1.0.06 position.js Improper Authentication
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.
41RISCO
abrir
Nucleihigh
ChatGPT个人专用版 - Server Side Request Forgery
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references sec
60RISCO
abrir
Nucleicritical
Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation
63RISCO
abrir
Nucleihigh
Smart s200 Management Platform v.S200 - SQL Injection
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain s
36RISCO
abrir
Nucleihigh
WordPress FluentForms <= 5.1.16 - Broken Access Control
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation
56RISCO
abrir
anteriorpágina 72 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.