Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.622exploits catalogados
32.030CVEs com exploração pública
1.932testados em laboratório
TodosExploit-DB 22.786Referência 19.896GitHub PoC 13.187VulnCheck XDB 8.100Nuclei 4.191Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.191 exploits
Nucleicritical
Web Directory Free < 1.7.3 - Local File Inclusion
Web Directory Free < 1.7.3 - Unauthenticated LFI
63RISCO
abrir ↗Nucleihigh
CRMEB v.5.2.2 - SQL Injection
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProduct
28RISCO
abrir ↗Nucleihigh
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
36RISCO
abrir ↗Nucleicritical
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute
43RISCO
abrir ↗Nucleihigh
Splunk Enterprise - Local File Inclusion
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
61RISCO
abrir ↗Nucleicritical
Ollama - Remote Code Execution
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISCO
abrir ↗Nucleimedium
Argo CD Unauthenticated Access to sensitive setting
Unauthenticated Access to sensitive settings in Argo CD
28RISCO
abrir ↗Nucleimedium
WP Extended < 3.0.0 - Stored Cross-Site Scripting
WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
36RISCO
abrir ↗Nucleimedium
WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting
WordPress WP-Lister Lite for Amazon plugin <= 2.6.16 - Reflected Cross Site Scripting (XSS) vulnerability
36RISCO
abrir ↗Nucleicritical
SecurEnvoy Two Factor Authentication - LDAP Injection
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-suppl
63RISCO
abrir ↗Nucleihigh
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
36RISCO
abrir ↗Nucleimedium
GnuBoard5 5.5.16 - Open Redirect
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the in
28RISCO
abrir ↗Nucleihigh
OfficeWeb365 Indexs Interface - Arbitrary File Read
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 al
36RISCO
abrir ↗Nucleicritical
Craft CMS <=v3.7.31 - SQL Injection
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
48RISCO
abrir ↗Nucleicritical
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
68RISCO
abrir ↗Nucleicritical
Cost Calculator Builder <= 3.2.15 - SQL Injection
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
43RISCO
abrir ↗Nucleicritical
BerqWP <= 1.7.6 - Arbitrary File Upload
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
63RISCO
abrir ↗Nucleihigh
Gradio - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in gradio-app/gradio
48RISCO
abrir ↗Nucleimedium
Contest Gallery - Broken Access Control
WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
28RISCO
abrir ↗Nucleicritical
Moodle - Remote Code Execution
Moodle: remote code execution via calculated question types
78RISCO
abrir ↗Nucleicritical
Apache HugeGraph-Server <1.5.0 - Authentication Bypass
Apache HugeGraph-Server: Fixed JWT Token(Secret)
55RISCO
abrir ↗Nucleimedium
osCommerce v4.0 - Cross-site Scripting
osCommerce all-products cross site scripting
28RISCO
abrir ↗Nucleicritical
Progress Telerik Report Server - Authentication Bypass
Registration Authentication Bypass Vulnerability
100RISCO
abrir ↗Nucleicritical
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
68RISCO
abrir ↗Nucleicritical
YARPP <= 5.30.10 - Missing Authorization
WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability
40RISCO
abrir ↗Nucleicritical
SendGrid for WordPress <= 1.4 - SQL Injection
WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
36RISCO
abrir ↗Nucleimedium
Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
WordPress Sunshine Photo Cart plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
36RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.