Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Jeesns 1.4.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to e
18RISCO
abrir
Nucleihigh
FHEM 6.0 - Local File Inclusion
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a fil
23RISCO
abrir
Nucleimedium
Vtiger CRM v7.2.0 - Directory Listing
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directori
18RISCO
abrir
Nucleimedium
Apache OFBiz <=16.11.07 - Cross-Site Scripting
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
40RISCO
abrir
Nucleimedium
qdPM 9.1 - Cross-site Scripting
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
18RISCO
abrir
Nucleihigh
Apache Kylin 3.0.1 - Command Injection Vulnerability
CVE-2020-1956HIGHsob ataque
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the
100RISCO
abrir
Nucleicritical
Gridx 1.3 - Remote Code Execution
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attack
23RISCO
abrir
Nucleimedium
ZZcms - Cross-Site Scripting
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
18RISCO
abrir
Nucleicritical
WeiPHP 5.0 - SQL Injection
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
18RISCO
abrir
Nucleihigh
Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
41RISCO
abrir
Nucleicritical
ThinkCMF X2.2.2 - Remote Code Execution
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
18RISCO
abrir
Nucleimedium
GiveWP - Missing Authorization to Settings Update
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauth
18RISCO
abrir
Nucleimedium
Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a ref
60RISCO
abrir
Nucleicritical
shadoweb wdja v1.5.1 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain es
18RISCO
abrir
Nucleimedium
DomainMOD 4.13.0 - Cross-Site Scripting
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attacker
18RISCO
abrir
Nucleimedium
Jenkins <=2.218 - Information Disclosure
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI d
18RISCO
abrir
Nucleicritical
Inspur ClusterEngine 4.0 - Remote Code Execution
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a maliciou
30RISCO
abrir
Nucleimedium
Jenkin Audit Trail <=3.2 - Cross-Site Scripting
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation,
40RISCO
abrir
Nucleimedium
HomeAutomation 3.3.2 - Open Redirect
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified befor
18RISCO
abrir
Nucleihigh
PHPGurukul Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unaut
18RISCO
abrir
Nucleicritical
74cms - ajax_street.php 'x' SQL Injection
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
18RISCO
abrir
Nucleicritical
74cms - ajax_common.php SQL Injection
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
18RISCO
abrir
Nucleicritical
74cms - ajax_officebuilding.php SQL Injection
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
18RISCO
abrir
Nucleicritical
74cms - ajax_street.php 'key' SQL Injection
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
18RISCO
abrir
Nucleimedium
b2evolution CMS <6.11.6 - Open Redirect
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redi
23RISCO
abrir
Nucleimedium
OPNsense <=20.1.5 - Open Redirect
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not fil
18RISCO
abrir
Nucleimedium
Aryanic HighMail (High CMS) - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers
18RISCO
abrir
Nucleihigh
Kyocera Printer d-COPIA253MF - Directory Traversal
A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnera
30RISCO
abrir
Nucleimedium
Monstra CMS 3.0.4 - Cross-Site Scripting
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
18RISCO
abrir
Nucleimedium
XXL-JOB v2.2.0 — Stored Cross Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web scr
18RISCO
abrir
anteriorpágina 36 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.