Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.622exploits catalogados
32.030CVEs com exploração pública
1.932testados em laboratório
4.191 exploits
Nucleicritical
Web Directory Free < 1.7.3 - Local File Inclusion
Web Directory Free < 1.7.3 - Unauthenticated LFI
63RISCO
abrir
Nucleihigh
CRMEB v.5.2.2 - SQL Injection
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProduct
28RISCO
abrir
Nucleihigh
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
36RISCO
abrir
Nucleicritical
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute
43RISCO
abrir
Nucleihigh
Splunk Enterprise - Local File Inclusion
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
61RISCO
abrir
Nucleicritical
Ollama - Remote Code Execution
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISCO
abrir
Nucleimedium
Argo CD Unauthenticated Access to sensitive setting
Unauthenticated Access to sensitive settings in Argo CD
28RISCO
abrir
Nucleimedium
WP Extended < 3.0.0 - Stored Cross-Site Scripting
WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
36RISCO
abrir
Nucleimedium
WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting
WordPress WP-Lister Lite for Amazon plugin <= 2.6.16 - Reflected Cross Site Scripting (XSS) vulnerability
36RISCO
abrir
Nucleicritical
SecurEnvoy Two Factor Authentication - LDAP Injection
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-suppl
63RISCO
abrir
Nucleihigh
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
36RISCO
abrir
Nucleimedium
Hostel < 1.1.5.3 - Cross-Site Scripting
Hostel < 1.1.5.3 - Reflected XSS
28RISCO
abrir
Nucleimedium
GnuBoard5 5.5.16 - Open Redirect
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the in
28RISCO
abrir
Nucleihigh
OfficeWeb365 Indexs Interface - Arbitrary File Read
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 al
36RISCO
abrir
Nucleicritical
Craft CMS <=v3.7.31 - SQL Injection
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
48RISCO
abrir
Nucleicritical
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
68RISCO
abrir
Nucleicritical
Cost Calculator Builder <= 3.2.15 - SQL Injection
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
43RISCO
abrir
Nucleicritical
BerqWP <= 1.7.6 - Arbitrary File Upload
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
63RISCO
abrir
Nucleihigh
LoLLMS WebUI < 9.8 - Path Traversal
Path Traversal in parisneo/lollms-webui
48RISCO
abrir
Nucleihigh
Gradio - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in gradio-app/gradio
48RISCO
abrir
Nucleimedium
Contest Gallery - Broken Access Control
WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
28RISCO
abrir
Nucleicritical
ZoneMinder - SQL Injection
ZoneMinder Time-based SQL Injection
43RISCO
abrir
Nucleicritical
Moodle - Remote Code Execution
Moodle: remote code execution via calculated question types
78RISCO
abrir
Nucleicritical
Apache HugeGraph-Server <1.5.0 - Authentication Bypass
Apache HugeGraph-Server: Fixed JWT Token(Secret)
55RISCO
abrir
Nucleimedium
osCommerce v4.0 - Cross-site Scripting
osCommerce all-products cross site scripting
28RISCO
abrir
Nucleicritical
Progress Telerik Report Server - Authentication Bypass
CVE-2024-4358CRITICALsob ataque
Registration Authentication Bypass Vulnerability
100RISCO
abrir
Nucleicritical
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
68RISCO
abrir
Nucleicritical
YARPP <= 5.30.10 - Missing Authorization
WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability
40RISCO
abrir
Nucleicritical
SendGrid for WordPress <= 1.4 - SQL Injection
WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
36RISCO
abrir
Nucleimedium
Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
WordPress Sunshine Photo Cart plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
36RISCO
abrir
anteriorpágina 73 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.