Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.063exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Hospital Management Startup 1.0 - 'Multiple' SQLi
CVE-2022-2336610 fev 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
23RISCO
abrir
Exploit-DB
AtomCMS v2.0 - SQLi
CVE-2022-2422309 fev 2022
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
50RISCO
abrir
Exploit-DB
FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)
CVE-2021-4639808 fev 2022
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor use
23RISCO
abrir
Exploit-DB
WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
CVE-2022-044808 fev 2022
CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
23RISCO
abrir
Exploit-DB
Hospital Management System 4.0 - 'multiple' SQL Injection
CVE-2022-2426308 fev 2022
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-m
23RISCO
abrir
Exploit-DB
Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion
CVE-2020-3574908 fev 2022
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2
50RISCO
abrir
Exploit-DB
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) (Metasploit)
CVE-2019-1881808 fev 2022
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir
Exploit-DB
WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
CVE-2021-2490108 fev 2022
Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
23RISCO
abrir
Exploit-DB
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)
CVE-2022-2283204 fev 2022
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/u
28RISCO
abrir
Exploit-DB
Servisnet Tessa - Privilege Escalation (Metasploit)
CVE-2022-2283304 fev 2022
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
28RISCO
abrir
Exploit-DB
WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
CVE-2021-2448802 fev 2022
Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)
43RISCO
abrir
Exploit-DB
Moodle 3.11.4 - SQL Injection
CVE-2022-033202 fev 2022
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web serv
35RISCO
abrir
Exploit-DB
WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)
CVE-2021-2430002 fev 2022
PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
43RISCO
abrir
Exploit-DB
Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)
CVE-2021-24786HIGH02 fev 2022
Download Monitor < 4.4.5 - Admin+ SQL Injection
61RISCO
abrir
Exploit-DB
WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
CVE-2022-037702 fev 2022
LearnPress < 4.1.5 - Arbitrary Image Renaming
23RISCO
abrir
Exploit-DB
WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-2492602 fev 2022
Domain Check < 1.0.17 - Reflected Cross-Site Scripting
43RISCO
abrir
Exploit-DB
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
CVE-2015-932302 fev 2022
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
50RISCO
abrir
Exploit-DB
Mozilla Firefox 67 - Array.pop JIT Type Confusion
CVE-2019-11707HIGHsob ataque02 fev 2022
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RISCO
abrir
Exploit-DB
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2017-9841CRITICALsob ataque02 fev 2022
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir
Exploit-DB
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
CVE-2021-2424702 fev 2022
Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
23RISCO
abrir
Exploit-DB
Chamilo LMS 1.11.14 - Account Takeover
CVE-2021-3739102 fev 2022
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator
23RISCO
abrir
Exploit-DB
WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-2490427 jan 2022
Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
23RISCO
abrir
Exploit-DB
WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)
CVE-2021-2486227 jan 2022
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RISCO
abrir
Exploit-DB
Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion
CVE-2022-21371HIGH27 jan 2022
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported ve
78RISCO
abrir
Exploit-DB
WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
CVE-2021-2494627 jan 2022
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RISCO
abrir
Exploit-DB
PolicyKit-1 0.105-31 - Privilege Escalation
CVE-2021-4034HIGHsob ataque27 jan 2022
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
Exploit-DB
PHPIPAM 1.4.4 - SQLi (Authenticated)
CVE-2022-2304625 jan 2022
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a su
28RISCO
abrir
Exploit-DB
Creston Web Interface 1.0.0.2159 - Credential Disclosure
CVE-2022-2317818 jan 2022
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI
60RISCO
abrir
Exploit-DB
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
CVE-2021-2456312 jan 2022
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
28RISCO
abrir
Exploit-DB
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-4491610 jan 2022
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad
23RISCO
abrir
anteriorpágina 28 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.