Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that red
18RISCO
abrir
Nucleimedium
Grav < 1.7 - Open Redirect
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
23RISCO
abrir
Nucleicritical
WordPress Chop Slider 3 - Blind SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RISCO
abrir
Nucleicritical
SuperWebmailer 7.21.0.01526 - Remote Code Execution
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailing
50RISCO
abrir
Nucleimedium
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes runn
30RISCO
abrir
Nucleicritical
Kong Admin <=2.03 - Admin API Access
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces othe
30RISCO
abrir
Nucleihigh
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_ga
18RISCO
abrir
Nucleihigh
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
CVE-2020-11738HIGHsob ataque
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISCO
abrir
Nucleimedium
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RISCO
abrir
Nucleihigh
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISCO
abrir
Nucleicritical
Micro Focus UCMDB - Remote Code Execution
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RISCO
abrir
Nucleimedium
WordPress GTranslate <2.8.52 - Cross-Site Scripting
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflan
18RISCO
abrir
Nucleicritical
Apache Unomi - Remote Code Execution
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the J
43RISCO
abrir
Nucleihigh
Apache Airflow <=1.10.10 - Remote Code Execution
CVE-2020-11978HIGHsob ataque
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RISCO
abrir
Nucleicritical
Apache HTTP Server - Remote Code Execution
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
60RISCO
abrir
Nucleihigh
Apache Cocoon 2.1.12 - XML Injection
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system e
40RISCO
abrir
Nucleimedium
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also a
18RISCO
abrir
Nucleihigh
Zoho ManageEngine OpManger - Arbitrary File Read
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attack
40RISCO
abrir
Nucleicritical
WAVLINK WN530H4 live_api.cgi - Command Injection
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.1
60RISCO
abrir
Nucleihigh
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030
18RISCO
abrir
Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can
40RISCO
abrir
Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can
40RISCO
abrir
Nucleimedium
Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page=
18RISCO
abrir
Nucleihigh
Onkyo TX-NR585 Web Interface - Directory Traversal
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users
23RISCO
abrir
Nucleihigh
TeamPass 2.1.27.36 - Improper Authentication
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include bac
18RISCO
abrir
Nucleicritical
Roundcube Webmail - Command Injection
CVE-2020-12641CRITICALsob ataque
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in
100RISCO
abrir
Nucleicritical
vBulletin SQL Injection
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RISCO
abrir
Nucleicritical
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RISCO
abrir
Nucleicritical
WordPress Simple File List - Path Traversal
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files be
18RISCO
abrir
Nucleicritical
Wavlink Multiple AP - Remote Command Injection
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands
30RISCO
abrir
anteriorpágina 33 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.