Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleicritical
Nette Framework - Remote Code Execution
Remote Code Execution vulnerability
68RISCO
abrir ↗Nucleicritical
DrayTek Vigor - Command Injection
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote
95RISCO
abrir ↗Nucleimedium
TileServer GL <=3.0.0 - Cross-Site Scripting
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected u
43RISCO
abrir ↗Nucleicritical
MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
100RISCO
abrir ↗Nucleicritical
TerraMaster TOS <.1.29 - Remote Code Execution
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic cla
43RISCO
abrir ↗Nucleimedium
RosarioSIS 6.7.2 - Cross-Site Scripting
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc
38RISCO
abrir ↗Nucleihigh
Gogs 0.5.5 - 0.12.2 - Remote Code Execution
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privile
40RISCO
abrir ↗Nucleimedium
D-Link DIR-816L 2.x - Cross-Site Scripting
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no outp
18RISCO
abrir ↗Nucleicritical
Tiki Wiki CMS GroupWare - Authentication Bypass
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
23RISCO
abrir ↗Nucleicritical
Mida eFramework <=2.9.0 - Remote Command Execution
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISCO
abrir ↗Nucleihigh
Cisco Unified IP Conference Station 7937G - Denial-of-Service
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the de
40RISCO
abrir ↗Nucleimedium
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this mi
18RISCO
abrir ↗Nucleicritical
SaltStack <=3002 - Shell Injection
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH clien
100RISCO
abrir ↗Nucleihigh
Microsoft SharePoint - Remote Code Execution
Microsoft SharePoint Remote Code Execution Vulnerability
58RISCO
abrir ↗Nucleimedium
Nova Lite < 1.3.9 - Cross-Site Scripting
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
18RISCO
abrir ↗Nucleimedium
WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
43RISCO
abrir ↗Nucleicritical
SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi pa
60RISCO
abrir ↗Nucleicritical
Fuel CMS 1.4.7 - SQL Injection
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
100RISCO
abrir ↗Nucleicritical
vBulletin 5.5.4 - 5.6.2- Remote Command Execution
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbe
100RISCO
abrir ↗Nucleihigh
Artica Web Proxy 4.30 - OS Command Injection
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter i
40RISCO
abrir ↗Nucleicritical
Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RISCO
abrir ↗Nucleihigh
Apache Flink 1.5.1 - Local File Inclusion
Apache Flink directory traversal attack: remote file writing through the REST API
50RISCO
abrir ↗Nucleihigh
Apache Flink - Local File Inclusion
Apache Flink directory traversal attack: reading remote files through the REST API
100RISCO
abrir ↗Nucleihigh
Apache Airflow <1.10.14 - Authentication Bypass
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a maliciou
23RISCO
abrir ↗Nucleicritical
Apache Struts 2.0.0-2.5.25 - Remote Code Execution
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RISCO
abrir ↗Nucleimedium
Z-Blog <=1.5.2 - Open Redirect
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect"
18RISCO
abrir ↗Nucleimedium
Jeesns 1.4.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts o
18RISCO
abrir ↗Nucleimedium
Jeesns 1.4.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to ex
18RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.