Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003022 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
23RISCO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3004222 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Cont
23RISCO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3132922 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
23RISCO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003922 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
23RISCO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003422 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
23RISCO
abrir
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)
CVE-2021-2568021 abr 2021
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These
23RISCO
abrir
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
CVE-2021-2568121 abr 2021
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. T
28RISCO
abrir
Exploit-DB
GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)
CVE-2021-21425CRITICAL21 abr 2021
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISCO
abrir
Exploit-DB
RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
CVE-2021-3004421 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
23RISCO
abrir
Exploit-DB
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
CVE-2021-3115221 abr 2021
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can ena
23RISCO
abrir
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)
CVE-2021-2567921 abr 2021
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. T
23RISCO
abrir
Exploit-DB
Horde Groupware Webmail 5.2.22 - Stored XSS
CVE-2021-2692915 abr 2021
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library befor
23RISCO
abrir
Exploit-DB
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
CVE-2021-3063715 abr 2021
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
23RISCO
abrir
Exploit-DB
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
CVE-2020-1550015 abr 2021
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected u
43RISCO
abrir
Exploit-DB
CITSmart ITSM 9.1.2.22 - LDAP Injection
CVE-2020-3577514 abr 2021
CITSmart before 9.1.2.23 allows LDAP Injection.
28RISCO
abrir
Exploit-DB
jQuery 1.0.3 - Cross-Site Scripting (XSS)
CVE-2020-11023MEDIUMsob ataque14 abr 2021
Potential XSS vulnerability in jQuery
85RISCO
abrir
Exploit-DB
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
CVE-2021-2900314 abr 2021
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacter
35RISCO
abrir
Exploit-DB
MariaDB 10.2 - 'wsrep_provider' OS Command Execution
CVE-2021-2792814 abr 2021
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, a
35RISCO
abrir
Exploit-DB
jQuery 1.2 - Cross-Site Scripting (XSS)
CVE-2020-11022MEDIUM14 abr 2021
jQuery has a potential XSS vulnerability
55RISCO
abrir
Exploit-DB
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
CVE-2021-2814214 abr 2021
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
23RISCO
abrir
Exploit-DB
ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
CVE-2020-2923813 abr 2021
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensi
28RISCO
abrir
Exploit-DB
vsftpd 2.3.4 - Backdoor Command Execution
CVE-2011-252312 abr 2021
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
Exploit-DB
PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
CVE-2020-1516009 abr 2021
Blind SQL Injection in PrestaShop
28RISCO
abrir
Exploit-DB
Composr 10.0.36 - Remote Code Execution
CVE-2021-3014908 abr 2021
Composr 10.0.36 allows upload and execution of PHP files.
28RISCO
abrir
Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CVE-2020-1235208 abr 2021
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adja
23RISCO
abrir
Exploit-DB
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
CVE-2021-3014708 abr 2021
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
23RISCO
abrir
Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CVE-2020-1235108 abr 2021
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via a
23RISCO
abrir
Exploit-DB
Composr CMS 10.0.36 - Cross Site Scripting
CVE-2021-3015007 abr 2021
Composr 10.0.36 allows XSS in an XML script.
23RISCO
abrir
Exploit-DB
Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
CVE-2020-5377CRITICAL07 abr 2021
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities.
60RISCO
abrir
Exploit-DB
Google Chrome 81.0.4044 V8 - Remote Code Execution
CVE-2020-650706 abr 2021
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap
28RISCO
abrir
anteriorpágina 36 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.