Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleicritical
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharac
50RISCO
abrir ↗Nucleihigh
KONGA 0.14.9 - Privilege Escalation
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to pri
18RISCO
abrir ↗Nucleicritical
Sitecore Experience Platform Pre-Auth RCE
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it
100RISCO
abrir ↗Nucleicritical
BillQuick Web Suite SQL Injection
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution
95RISCO
abrir ↗Nucleihigh
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion
WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion
36RISCO
abrir ↗Nucleimedium
NetBiblio WebOPAC - Cross-Site Scripting
Reflected XSS in NetBiblio WebOPAC search functionality
28RISCO
abrir ↗Nucleimedium
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
38RISCO
abrir ↗Nucleimedium
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
38RISCO
abrir ↗Nucleimedium
Apereo CAS Cross-Site Scripting
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
18RISCO
abrir ↗Nucleicritical
D-Link DIR-615 - Unauthorized Access
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without auth
30RISCO
abrir ↗Nucleimedium
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via th
18RISCO
abrir ↗Nucleicritical
Online Event Booking and Reservation System 2.3.0 - SQL Injection
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-manag
23RISCO
abrir ↗Nucleicritical
TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
30RISCO
abrir ↗Nucleimedium
Fortinet FortiMail 7.0.1 - Cross-Site Scripting
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0
53RISCO
abrir ↗Nucleihigh
Pre-Auth Takeover of Build Pipelines in GoCD
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default,
43RISCO
abrir ↗Nucleicritical
Studio-42 elFinder <2.1.60 - Arbitrary File Upload
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remot
30RISCO
abrir ↗Nucleihigh
AlquistManager Local File Inclusion
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnera
18RISCO
abrir ↗Nucleihigh
Clustering Local File Inclusion
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vuln
23RISCO
abrir ↗Nucleicritical
Sourcecodester Simple Client Management System 1.0 - SQL Injection
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login
18RISCO
abrir ↗Nucleimedium
Atmail 6.5.0 - Cross-Site Scripting
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default U
18RISCO
abrir ↗Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remot
18RISCO
abrir ↗Nucleihigh
kkFileview v4.0.0 - Local File Inclusion
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file l
23RISCO
abrir ↗Nucleicritical
WordPress Automatic Plugin - Unauthenticated Options Change
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RISCO
abrir ↗Nucleihigh
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
Path traversal in GLPI barcode plugin
75RISCO
abrir ↗Nucleicritical
Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update
Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update
43RISCO
abrir ↗Nucleimedium
Admidio - Cross-Site Scripting
Cross-site Scripting (XSS) when redirect an url
36RISCO
abrir ↗Nucleihigh
Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio interface
36RISCO
abrir ↗Nucleicritical
Zoho ManageEngine ServiceDesk Plus - Remote Code Execution
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RISCO
abrir ↗Nucleihigh
Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remo
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.