Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
Netsweeper 4.0.3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x bef
18RISCO
abrir ↗Nucleimedium
Netsweeper 4.0.8 - Directory Traversal
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0
23RISCO
abrir ↗Nucleicritical
Netsweeper 4.0.5 - Default Weak Account
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it eas
30RISCO
abrir ↗Nucleimedium
Netsweeper 4.0.4 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or H
18RISCO
abrir ↗Nucleimedium
Netsweeper 3.0.6 - Open Redirection
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to re
18RISCO
abrir ↗Nucleicritical
Netsweeper - Authentication Bypass
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote att
60RISCO
abrir ↗Nucleihigh
WordPress RevSlider - Remote Code Execution via File Upload
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier
60RISCO
abrir ↗Nucleicritical
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly rest
50RISCO
abrir ↗Nucleihigh
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
18RISCO
abrir ↗Nucleihigh
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
Remote file download in simple-image-manipulator v1.0 wordpress plugin
18RISCO
abrir ↗Nucleihigh
WordPress MyPixs <=0.3 - Local File Inclusion
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
18RISCO
abrir ↗Nucleicritical
Xdebug <= 2.5.5 - Command Injection
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RISCO
abrir ↗Nucleihigh
ElasticSearch - Remote Code Execution
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the s
100RISCO
abrir ↗Nucleihigh
IceWarp Mail Server <11.1.1 - Directory Traversal
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary
50RISCO
abrir ↗Nucleimedium
WordPress Slider Revolution - Local File Disclosure
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitra
43RISCO
abrir ↗Nucleicritical
Microsoft Windows 'HTTP.sys' - Remote Code Execution
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold an
100RISCO
abrir ↗Nucleimedium
Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote a
23RISCO
abrir ↗Nucleihigh
WP Attachment Export < 0.2.4 - Unrestricted File Download
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
18RISCO
abrir ↗Nucleimedium
Magento Server MAGMI - Directory Traversal
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento
50RISCO
abrir ↗Nucleimedium
Magento Server Mass Importer - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server a
43RISCO
abrir ↗Nucleihigh
Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive informat
60RISCO
abrir ↗Nucleimedium
Ericsson Drutt MSDP - Local File Inclusion
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5
43RISCO
abrir ↗Nucleihigh
WordPress Spider Calendar <=1.4.9 - SQL Injection
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQ
43RISCO
abrir ↗Nucleimedium
WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for Wo
18RISCO
abrir ↗Nucleicritical
DotNetNuke 07.04.00 - Administration Authentication Bypass
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain S
60RISCO
abrir ↗Nucleimedium
Navis DocumentCloud <0.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress a
18RISCO
abrir ↗Nucleimedium
Kaseya Virtual System Administrator - Open Redirect
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 b
43RISCO
abrir ↗Nucleihigh
SysAid Help Desk <15.2 - Local File Inclusion
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RISCO
abrir ↗Nucleihigh
TP-LINK - Local File Inclusion
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RISCO
abrir ↗Nucleimedium
Ruby on Rails Web Console - Remote Code Execution
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.