Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
Rudloff alltube prior to 3.0.1 - Open Redirect
Open Redirect on Rudloff/alltube in rudloff/alltube
28RISCO
abrir
Nucleicritical
WordPress Master Elements <=8.0 - SQL Injection
Master Elements <= 8.0 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
GitLab CE/EE - Information Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions star
48RISCO
abrir
Nucleicritical
Infographic Maker iList < 4.3.8 - SQL Injection
Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection
23RISCO
abrir
Nucleicritical
WordPress Simple Link Directory <7.7.2 - SQL injection
Simple Link Directory < 7.7.2 - Unauthenticated SQL injection
23RISCO
abrir
Nucleimedium
WordPress Loco Translate < 2.6.1 - Cross-Site Scripting
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Users Ultra <= 3.1.0 - SQL Injection
Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
18RISCO
abrir
Nucleicritical
Documentor <= 1.5.3 - Unauthenticated SQL Injection
Documentor <= 1.5.3 - Unauthenticated SQLi
30RISCO
abrir
Nucleimedium
RevealJS postMessage <4.3.0 - Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in hakimel/reveal.js
28RISCO
abrir
Nucleicritical
WordPress Nirweb Support <2.8.2 - SQL Injection
Nirweb support < 2.8.2 - Unauthenticated SQLi
23RISCO
abrir
Nucleihigh
Multiple Shipping Address Woocommerce < 2.0 - SQL Injection
Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
WordPress Title Experiments Free <9.0.1 - SQL Injection
Title Experiments Free < 9.0.1 - Unauthenticated SQLi
23RISCO
abrir
Nucleicritical
WordPress Daily Prayer Time <2022.03.01 - SQL Injection
Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
WordPress KiviCare <2.3.9 - SQL Injection
KiviCare < 2.3.9 - Unauthenticated SQLi
23RISCO
abrir
Nucleicritical
Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection
WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
Ubigeo de Peru < 3.6.4 - SQL Injection
Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
WordPress BadgeOS <=3.7.0 - SQL Injection
BadgeOS <= 3.7.0 - Unauthenticated SQLi
23RISCO
abrir
Nucleihigh
Webmin <1.990 - Improper Access Control
Improper Access Control to Remote Code Execution in webmin/webmin
78RISCO
abrir
Nucleicritical
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WP Video Gallery <= 1.7.1 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
WordPress Best Books <=2.6.3 - SQL Injection
Bestbooks <= 2.6.3 - Unauthenticated SQLi
18RISCO
abrir
Nucleicritical
SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi
18RISCO
abrir
Nucleimedium
UpdraftPlus < 1.22.9 - Cross-Site Scripting
UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
WordPress ARPrice <3.6.1 - SQL Injection
ARPrice Lite < 3.6.1 - Unauthenticated SQLi
23RISCO
abrir
Nucleimedium
nitely/spirit 0.12.3 - Open Redirect
Multiple Open Redirect in nitely/spirit
28RISCO
abrir
Nucleimedium
Gogs <0.12.5 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in gogs/gogs
28RISCO
abrir
Nucleimedium
WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting
18RISCO
abrir
Nucleimedium
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Member Hero <=1.0.9 - Remote Code Execution
Member Hero <= 1.0.9 - Unauthenticated RCE
18RISCO
abrir
Nucleimedium
Header Footer Code Manager < 1.1.24 - Cross-Site Scripting
Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
18RISCO
abrir
anteriorpágina 18 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.