Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleimedium
GTranslate < 2.8.65 - Cross-Site Scripting
Reflected XSS in GTranslate Pro and GTranslate Enterprise < 2.8.65
28RISCO
abrir ↗Nucleimedium
WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting
28RISCO
abrir ↗Nucleimedium
WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
Skaut bazar <= 1.3.2 Reflected Cross-Site Scripting
28RISCO
abrir ↗Nucleihigh
FAUST iServer 9.0.018.018.4 - Local File Inclusion
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau
23RISCO
abrir ↗Nucleicritical
Kramer VIAware - Privilege Escalation and Remote Code Execution
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits runn
60RISCO
abrir ↗Nucleihigh
SolarWinds Serv-U 15.3 - Directory Traversal
Directory Transversal Vulnerability in Serv-U 15.3
61RISCO
abrir ↗Nucleimedium
MaxSite CMS > V106 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attacke
18RISCO
abrir ↗Nucleimedium
Bludit 3.13.1 - Cross Site Scripting
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
38RISCO
abrir ↗Nucleicritical
Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web A
23RISCO
abrir ↗Nucleihigh
TermTalk Server 3.24.0.2 - Local File Inclusion
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthe
50RISCO
abrir ↗Nucleicritical
RealTek Jungle SDK - Arbitrary Command Injection
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be u
95RISCO
abrir ↗Nucleicritical
ForgeRock OpenAM <7.0 - Remote Code Execution
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pa
100RISCO
abrir ↗Nucleimedium
Thruk 2.40-2 - Cross-Site Scripting
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title paramete
18RISCO
abrir ↗Nucleicritical
Oracle Access Manager - Remote Code Execution
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported ver
95RISCO
abrir ↗Nucleihigh
Motorola Baby Monitors - Remote Command Execution
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras tha
48RISCO
abrir ↗Nucleicritical
Hikvision IP camera/NVR - Remote Command Execution
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISCO
abrir ↗Nucleicritical
Kramer VIAware - Remote Code Execution
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePa
50RISCO
abrir ↗Nucleicritical
Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dns
95RISCO
abrir ↗Nucleimedium
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
30RISCO
abrir ↗Nucleimedium
Nova noVNC - Open Redirect
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to
23RISCO
abrir ↗Nucleimedium
IceWarp Mail Server - Open Redirect
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the refere
18RISCO
abrir ↗Nucleimedium
KodExplorer - Cross-Site Scripting
A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.
18RISCO
abrir ↗Nucleihigh
PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestash
23RISCO
abrir ↗Nucleimedium
Apache Druid - Local File Inclusion
Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
60RISCO
abrir ↗Nucleimedium
WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
28RISCO
abrir ↗Nucleicritical
WordPress Image Hover Ultimate - Unauthenticated Settings Update
WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise
43RISCO
abrir ↗Nucleimedium
QSAN Storage Manager <3.3.3 - Cross-Site Scripting
QSAN Storage Manager - Reflected Cross-Site Scripting
28RISCO
abrir ↗Nucleicritical
KevinLAB BEMS 1.0 - SQL Injection
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id
18RISCO
abrir ↗Nucleihigh
KevinLAB BEMS (Building Energy Management System) - Backdoor Account
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocu
18RISCO
abrir ↗Nucleihigh
Jeecg Boot <= 2.4.5 - Information Disclosure
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege an
36RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.