Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleicritical
Hoteldruid v3.0.5 - SQL Injection
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/
43RISCO
abrir ↗Nucleicritical
Hoteldruid v3.0.5 - SQL Injection
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid
43RISCO
abrir ↗Nucleihigh
MLFlow < 2.8.1 - Sensitive Information Disclosure
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted requ
30RISCO
abrir ↗Nucleihigh
ShokoServer System - Local File Inclusion (LFI)
Arbitrary file read vulnerability in Shoko Server
36RISCO
abrir ↗Nucleicritical
GeoServer WPS - Server Side Request Forgery
WPS Server Side Request Forgery in GeoServer
48RISCO
abrir ↗Nucleimedium
mojoPortal v.2.7.0.0 - Cross-Site Scripting
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the he
28RISCO
abrir ↗Nucleihigh
Ruijie RG-EW1200G Router Background - Login Bypass
Ruijie RG-EW1200G login improper authentication
48RISCO
abrir ↗Nucleimedium
Adobe Coldfusion - Cross-Site Scripting
Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version
50RISCO
abrir ↗Nucleicritical
Adobe ColdFusion WDDX Deserialization Gadgets
ColdFusion WDDX Deserialization Gadgets
65RISCO
abrir ↗Nucleicritical
JeecgBoot JimuReport - Template injection
jeecgboot JimuReport Template injection
53RISCO
abrir ↗Nucleimedium
Cockpit - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
28RISCO
abrir ↗Nucleimedium
mooSocial v.3.1.8 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a c
18RISCO
abrir ↗Nucleimedium
mooSocial v.3.1.8 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a c
18RISCO
abrir ↗Nucleihigh
WordPress Job Portal < 2.0.6 - SQL Injection
WP Job Portal < 2.0.6 - Unauthenticated SQLi
63RISCO
abrir ↗Nucleimedium
WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure
28RISCO
abrir ↗Nucleimedium
XWiki < 14.10.14 - Cross-Site Scripting
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
43RISCO
abrir ↗Nucleicritical
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
75RISCO
abrir ↗Nucleihigh
PrestaShop PireosPay - SQL Injection
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL
30RISCO
abrir ↗Nucleicritical
D-Link DAR-8000-10 - Command Injection
D-Link DAR-8000-10 sys1.php os command injection
70RISCO
abrir ↗Nucleimedium
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
SPA-Cart eCommerce CMS search cross site scripting
55RISCO
abrir ↗Nucleimedium
MooSocial 3.1.8 - Cross-Site Scripting
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a cra
18RISCO
abrir ↗Nucleimedium
Apache Tomcat - HTTP Request Smuggling
Apache Tomcat: Trailer header parsing too lenient
28RISCO
abrir ↗Nucleimedium
Frigate < 0.13.0 Beta 3 - Cross-Site Scripting
Frigate reflected XSS through `/<camera_name>` API endpoints
28RISCO
abrir ↗Nucleimedium
PaperCut NG Unauthenticated XMLRPC Functionality
PaperCut NG Unauthenticated XMLRPC
28RISCO
abrir ↗Nucleimedium
Leantime < 2.4 - Authenticated SQL Injection
Authenticated SQL Injection in leantime
28RISCO
abrir ↗Nucleicritical
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute a
23RISCO
abrir ↗Nucleihigh
qdPM 9.2 - Directory Traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
18RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.