Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
Elasticsearch - Local File Inclusion
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, a
50RISCO
abrir
Nucleihigh
ResourceSpace - Local File inclusion
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote atta
18RISCO
abrir
Nucleimedium
Bonita BPM Portal <6.5.3 - Local File Inclusion
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via
43RISCO
abrir
Nucleimedium
Symfony - Authentication Bypass
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.1
18RISCO
abrir
Nucleimedium
WordPress NewStatPress 0.9.8 - SQL Injection
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remo
38RISCO
abrir
Nucleilow
NewStatPress <0.9.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPres
38RISCO
abrir
Nucleihigh
Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read ar
50RISCO
abrir
Nucleimedium
WordPress Church Admin <0.810 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers t
38RISCO
abrir
Nucleimedium
WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player)
43RISCO
abrir
Nucleicritical
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin
50RISCO
abrir
Nucleihigh
Koha 3.20.1 - Directory Traversal
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08
50RISCO
abrir
Nucleimedium
Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attack
43RISCO
abrir
Nucleimedium
Xsuite <=2.4.4.5 - Open Redirect
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sit
38RISCO
abrir
Nucleihigh
WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote
23RISCO
abrir
Nucleimedium
Novius OS 5.0.1-elche - Open Redirect
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites
43RISCO
abrir
Nucleimedium
WordPress StageShow <5.0.9 - Open Redirect
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for
18RISCO
abrir
Nucleihigh
WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers t
23RISCO
abrir
Nucleimedium
Swim Team <= v1.44.10777 - Local File Inclusion
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allo
50RISCO
abrir
Nucleimedium
ElasticSearch <1.6.1 - Local File Inclusion
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISCO
abrir
Nucleimedium
Geddy <13.0.8 - Local File Inclusion
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
18RISCO
abrir
Nucleimedium
Nordex NC2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA
33RISCO
abrir
Nucleimedium
Combodo iTop <2.2.0-2459 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows
18RISCO
abrir
Nucleimedium
WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote a
18RISCO
abrir
Nucleihigh
D-Link DVG-N5402SP - Local File Inclusion
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot
50RISCO
abrir
Nucleihigh
Joomla! Core SQL Injection
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RISCO
abrir
Nucleimedium
WordPress Pie-Register <2.0.19 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for W
18RISCO
abrir
Nucleicritical
IBM WebSphere Java Object Deserialization - Remote Code Execution
CVE-2015-7450CRITICALsob ataque
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RISCO
abrir
Nucleimedium
ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
23RISCO
abrir
Nucleimedium
Kentico CMS 8.2 - Open Redirect
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to red
18RISCO
abrir
Nucleimedium
SourceBans <2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary
18RISCO
abrir
anteriorpágina 11 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.