Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.1
48RISCO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
55RISCO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RISCO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RISCO
abrir
Nucleicritical
Advantech R-SeeNet 2.4.12 - OS Command Injection
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.
55RISCO
abrir
Nucleimedium
D-Link DIR-3040 1.13B03 - Information Disclosure
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially craft
40RISCO
abrir
Nucleicritical
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix Prem
55RISCO
abrir
Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
CVE-2021-21972CRITICALsob ataqueransomware
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISCO
abrir
Nucleimedium
VMware vSphere - Server-Side Request Forgery
CVE-2021-21973MEDIUMsob ataque
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of UR
100RISCO
abrir
Nucleihigh
vRealize Operations Manager API - Server-Side Request Forgery
CVE-2021-21975HIGHsob ataqueransomware
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RISCO
abrir
Nucleicritical
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RISCO
abrir
Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
CVE-2021-21985CRITICALsob ataqueransomware
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
100RISCO
abrir
Nucleicritical
VMware vCenter Server - Arbitrary File Upload
CVE-2021-22005CRITICALsob ataqueransomware
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RISCO
abrir
Nucleimedium
vCenter Server - Improper Access Control
CVE-2021-22017MEDIUMsob ataque
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A mali
70RISCO
abrir
Nucleihigh
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to exe
23RISCO
abrir
Nucleihigh
VMWare Workspace ONE UEM - Server-Side Request Forgery
CVE-2021-22054HIGHsob ataque
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and
100RISCO
abrir
Nucleimedium
FortiWeb - Cross Site Scripting
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version
23RISCO
abrir
Nucleimedium
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISCO
abrir
Nucleihigh
GitLab CI Lint API - Server-Side Request Forgery
CVE-2021-22175MEDIUMsob ataque
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af
70RISCO
abrir
Nucleicritical
GitLab CE/EE - Remote Code Execution
CVE-2021-22205CRITICALsob ataqueransomware
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISCO
abrir
Nucleihigh
Gitlab CE/EE 10.5 - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE
53RISCO
abrir
Nucleicritical
Micro Focus Operations Bridge Reporter - Remote Code Execution
CVE-2021-22502CRITICALsob ataque
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISCO
abrir
Nucleicritical
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to
30RISCO
abrir
Nucleimedium
Revive Adserver <5.1.0 - Open Redirect
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg
50RISCO
abrir
Nucleimedium
Ruby on Rails - Open Redirect via Host Header Injection
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Sp
40RISCO
abrir
Nucleicritical
Rocket.Chat <=3.13 - NoSQL Injection
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir
Nucleicritical
F5 iControl REST - Remote Command Execution
CVE-2021-22986CRITICALsob ataqueransomware
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RISCO
abrir
Nucleimedium
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (
23RISCO
abrir
Nucleihigh
Lodash Template - Server-Side Template Injection (RCE)
Command Injection
41RISCO
abrir
Nucleihigh
elFinder < 2.1.58 - Remote Code Execution
Remote Code Execution (RCE)
41RISCO
abrir
anteriorpágina 44 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.