Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
CVE-2021-26086MEDIUMsob ataque06 out 2021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path tr
100RISCO
abrir
Exploit-DB
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
CVE-2021-41773HIGHsob ataqueransomware06 out 2021
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
Exploit-DB
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
CVE-2021-26085MEDIUMsob ataqueransomware05 out 2021
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authoriza
100RISCO
abrir
Exploit-DB
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
CVE-2021-4131801 out 2021
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input.
23RISCO
abrir
Exploit-DB
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2428729 set 2021
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
43RISCO
abrir
Exploit-DB
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting
CVE-2021-2428629 set 2021
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
43RISCO
abrir
Exploit-DB
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427628 set 2021
Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
43RISCO
abrir
Exploit-DB
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427428 set 2021
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
43RISCO
abrir
Exploit-DB
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-2461028 set 2021
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
23RISCO
abrir
Exploit-DB
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427528 set 2021
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
43RISCO
abrir
Exploit-DB
XAMPP 7.4.3 - Local Privilege Escalation
CVE-2020-1110727 set 2021
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged
28RISCO
abrir
Exploit-DB
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
CVE-2021-4087523 set 2021
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RISCO
abrir
Exploit-DB
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2416923 set 2021
Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
43RISCO
abrir
Exploit-DB
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
CVE-2021-2427223 set 2021
Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
23RISCO
abrir
Exploit-DB
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
CVE-2021-4086822 set 2021
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
38RISCO
abrir
Exploit-DB
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
CVE-2019-1335822 set 2021
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying opera
28RISCO
abrir
Exploit-DB
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
CVE-2021-29447HIGH20 set 2021
WordPress Authenticated XXE attack when installation is running PHP 8
63RISCO
abrir
Exploit-DB
WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
CVE-2021-34646CRITICAL17 set 2021
Booster for WooCommerce <= 5.4.3 Authentication Bypass
60RISCO
abrir
Exploit-DB
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
CVE-2021-2404013 set 2021
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files c
28RISCO
abrir
Exploit-DB
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-3960806 set 2021
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a rem
35RISCO
abrir
Exploit-DB
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
CVE-2021-4035206 set 2021
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can re
23RISCO
abrir
Exploit-DB
Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated)
CVE-2021-4037902 set 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 doe
28RISCO
abrir
Exploit-DB
Compro Technology IP Camera - ' index_MJpeg.cgi' Stream Disclosure
CVE-2021-4038102 set 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows
28RISCO
abrir
Exploit-DB
Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure
CVE-2021-4038202 set 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allo
28RISCO
abrir
Exploit-DB
Compro Technology IP Camera - 'Multiple' Credential Disclosure
CVE-2021-4038002 set 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and set
28RISCO
abrir
Exploit-DB
Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)
CVE-2021-4037802 set 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killp
28RISCO
abrir
Exploit-DB
Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-26084CRITICALsob ataqueransomware01 set 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir
Exploit-DB
Umbraco CMS 8.9.1 - Directory Traversal
CVE-2020-581131 ago 2021
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, whi
23RISCO
abrir
Exploit-DB
WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)
CVE-2021-34621CRITICAL31 ago 2021
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
75RISCO
abrir
Exploit-DB
Strapi 3.0.0-beta - Set Password (Unauthenticated)
CVE-2019-1881830 ago 2021
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir
anteriorpágina 31 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.