Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleimedium
Knowage Suite 7.3 - Cross-Site Scripting
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrar
18RISCO
abrir ↗Nucleicritical
VoipMonitor <24.61 - Remote Code Execution
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used,
50RISCO
abrir ↗Nucleihigh
Ivanti Avalanche 6.3.2 - Local File Inclusion
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal
40RISCO
abrir ↗Nucleicritical
PrestaShop 1.7.7.0 - SQL Injection
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller
23RISCO
abrir ↗Nucleimedium
Microsoft Exchange Server - Cross-Site Scripting
Microsoft Exchange Server Remote Code Execution Vulnerability
50RISCO
abrir ↗Nucleimedium
CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology I
23RISCO
abrir ↗Nucleimedium
CHIYU TCP/IP Converter - Cross-Site Scripting
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU T
40RISCO
abrir ↗Nucleicritical
Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISCO
abrir ↗Nucleicritical
CentOS Web Panel - SQL Injection
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST param
23RISCO
abrir ↗Nucleicritical
CentOS Web Panel - OS Command Injection
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root R
30RISCO
abrir ↗Nucleihigh
Home Assistant HACS - Local File Inclusion
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks aga
18RISCO
abrir ↗Nucleimedium
SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, p
18RISCO
abrir ↗Nucleimedium
Akkadian Provisioning Manager - Information Disclosure
Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface
36RISCO
abrir ↗Nucleimedium
BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Sof
43RISCO
abrir ↗Nucleihigh
Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The
40RISCO
abrir ↗Nucleimedium
WebCTRL OEM <= 6.5 - Cross-Site Scripting
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for re
43RISCO
abrir ↗Nucleicritical
Tenda Router AC11 - Remote Command Injection
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerabili
95RISCO
abrir ↗Nucleicritical
Apache Struts2 S2-062 - Remote Code Execution
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.
60RISCO
abrir ↗Nucleicritical
Layer5 Meshery 0.5.2 - SQL Injection
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL comman
40RISCO
abrir ↗Nucleimedium
SysAid 20.4.74 - Cross-Site Scripting
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
18RISCO
abrir ↗Nucleicritical
ASUS GT-AC2900 - Authentication Bypass
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630
95RISCO
abrir ↗Nucleicritical
Maian Cart <=3.8 - Remote Code Execution
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the
50RISCO
abrir ↗Nucleihigh
Node RED Dashboard <2.26.2 - Local File Inclusion
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
23RISCO
abrir ↗Nucleicritical
Websvn <2.6.1 - Remote Code Execution
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search paramet
60RISCO
abrir ↗Nucleicritical
E-Learning System 1.0 - SQL Injection
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to exec
23RISCO
abrir ↗Nucleimedium
Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect
18RISCO
abrir ↗Nucleicritical
elFinder 2.1.58 - Remote Code Execution
Multiple vulnerabilities leading to RCE
75RISCO
abrir ↗Nucleihigh
WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection
Arbitrary SQL (SQL injection) possible via the Store API component.
61RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.