Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
CVE-2021-2516015 jul 2021
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
23RISCO
abrir
Exploit-DB
Webmin 1.973 - 'save_user.cgi' Cross-Site Request Forgery (CSRF)
CVE-2021-3176214 jul 2021
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users fea
23RISCO
abrir
Exploit-DB
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)
CVE-2018-1513913 jul 2021
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote
28RISCO
abrir
Exploit-DB
Apache Tomcat 9.0.0.M1 - Open Redirect
CVE-2018-1178413 jul 2021
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a r
60RISCO
abrir
Exploit-DB
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
CVE-2019-022113 jul 2021
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided
50RISCO
abrir
Exploit-DB
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)
CVE-2021-2291107 jul 2021
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir
Exploit-DB
WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)
CVE-2018-1587707 jul 2021
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISCO
abrir
Exploit-DB
Pallets Werkzeug 0.15.4 - Path Traversal
CVE-2019-1432206 jul 2021
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
50RISCO
abrir
Exploit-DB
Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)
CVE-2021-2415505 jul 2021
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RISCO
abrir
Exploit-DB
Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)
CVE-2021-2414602 jul 2021
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
50RISCO
abrir
Exploit-DB
Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)
CVE-2021-2414502 jul 2021
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISCO
abrir
Exploit-DB
AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
CVE-2021-3595602 jul 2021
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote aut
23RISCO
abrir
Exploit-DB
Scratch Desktop 3.17 - Remote Code Execution
CVE-2020-7750CRITICAL02 jul 2021
Cross-site Scripting (XSS)
48RISCO
abrir
Exploit-DB
Wordpress Plugin XCloner 4.2.12 - Remote Code Execution (Authenticated)
CVE-2020-35948CRITICAL01 jul 2021
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated atta
53RISCO
abrir
Exploit-DB
ES File Explorer 4.1.9.7.4 - Arbitrary File Read
CVE-2019-644729 jun 2021
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISCO
abrir
Exploit-DB
Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2607828 jun 2021
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before
23RISCO
abrir
Exploit-DB
Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
CVE-2019-1274425 jun 2021
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a differe
28RISCO
abrir
Exploit-DB
Adobe ColdFusion 8 - Remote Command Execution (RCE)
CVE-2009-226524 jun 2021
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable fil
60RISCO
abrir
Exploit-DB
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-21972CRITICALsob ataqueransomware24 jun 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISCO
abrir
Exploit-DB
TP-Link TL-WR841N - Command Injection
CVE-2020-3557624 jun 2021
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216
35RISCO
abrir
Exploit-DB
WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
CVE-2021-2438323 jun 2021
WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)
23RISCO
abrir
Exploit-DB
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
CVE-2020-14871CRITICALsob ataque21 jun 2021
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISCO
abrir
Exploit-DB
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
CVE-2019-1453021 jun 2021
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can
50RISCO
abrir
Exploit-DB
Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
CVE-2021-3230521 jun 2021
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search paramet
60RISCO
abrir
Exploit-DB
Node.JS - 'node-serialize' Remote Code Execution (3)
CVE-2017-594118 jun 2021
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RISCO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
CVE-2021-3115917 jun 2021
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-messag
28RISCO
abrir
Exploit-DB
OpenEMR 5.0.1.3 - Authentication Bypass
CVE-2018-1515216 jun 2021
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote
28RISCO
abrir
Exploit-DB
Polkit 0.105-26 0.117-2 - Local Privilege Escalation
CVE-2021-3560HIGHsob ataque15 jun 2021
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISCO
abrir
Exploit-DB
Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
CVE-2021-3437014 jun 2021
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are
38RISCO
abrir
Exploit-DB
Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)
CVE-2021-3436914 jun 2021
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensiti
23RISCO
abrir
anteriorpágina 33 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.