Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleimedium
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that red
18RISCO
abrir ↗Nucleimedium
Grav < 1.7 - Open Redirect
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
23RISCO
abrir ↗Nucleicritical
WordPress Chop Slider 3 - Blind SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RISCO
abrir ↗Nucleicritical
SuperWebmailer 7.21.0.01526 - Remote Code Execution
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailing
50RISCO
abrir ↗Nucleimedium
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes runn
30RISCO
abrir ↗Nucleicritical
Kong Admin <=2.03 - Admin API Access
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces othe
30RISCO
abrir ↗Nucleihigh
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_ga
18RISCO
abrir ↗Nucleihigh
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RISCO
abrir ↗Nucleimedium
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RISCO
abrir ↗Nucleihigh
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Arbitrary code execution vulnerability on multiple Micro Focus products
58RISCO
abrir ↗Nucleicritical
Micro Focus UCMDB - Remote Code Execution
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RISCO
abrir ↗Nucleimedium
WordPress GTranslate <2.8.52 - Cross-Site Scripting
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflan
18RISCO
abrir ↗Nucleicritical
Apache Unomi - Remote Code Execution
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the J
43RISCO
abrir ↗Nucleihigh
Apache Airflow <=1.10.10 - Remote Code Execution
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RISCO
abrir ↗Nucleicritical
Apache HTTP Server - Remote Code Execution
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
60RISCO
abrir ↗Nucleihigh
Apache Cocoon 2.1.12 - XML Injection
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system e
40RISCO
abrir ↗Nucleimedium
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also a
18RISCO
abrir ↗Nucleihigh
Zoho ManageEngine OpManger - Arbitrary File Read
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attack
40RISCO
abrir ↗Nucleicritical
WAVLINK WN530H4 live_api.cgi - Command Injection
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.1
60RISCO
abrir ↗Nucleihigh
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030
18RISCO
abrir ↗Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can
40RISCO
abrir ↗Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can
40RISCO
abrir ↗Nucleimedium
Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page=
18RISCO
abrir ↗Nucleihigh
Onkyo TX-NR585 Web Interface - Directory Traversal
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users
23RISCO
abrir ↗Nucleihigh
TeamPass 2.1.27.36 - Improper Authentication
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include bac
18RISCO
abrir ↗Nucleicritical
Roundcube Webmail - Command Injection
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in
100RISCO
abrir ↗Nucleicritical
vBulletin SQL Injection
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RISCO
abrir ↗Nucleicritical
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RISCO
abrir ↗Nucleicritical
WordPress Simple File List - Path Traversal
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files be
18RISCO
abrir ↗Nucleicritical
Wavlink Multiple AP - Remote Command Injection
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands
30RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.