Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleimedium
Imgproxy < 3.14.0 - Cross-site Scripting (XSS)
Cross-site Scripting (XSS) - Reflected in imgproxy/imgproxy
28RISCO
abrir
Nucleimedium
MyCryptoCheckout < 2.124 - Cross-Site Scripting
MyCryptoCheckout < 2.124 - Reflected XSS
28RISCO
abrir
Nucleicritical
Sophos Web Appliance - Remote Code Execution
CVE-2023-1671CRITICALsob ataque
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10
100RISCO
abrir
Nucleicritical
WAGO - Remote Command Execution
WAGO: WBM Command Injection in multiple products
85RISCO
abrir
Nucleicritical
Bitrix Component - Cross-Site Scripting
Bitrix24 Insecure Global Variable Extraction
36RISCO
abrir
Nucleicritical
SupportCandy < 3.1.5 - Unauthenticated SQL Injection
SupportCandy < 3.1.5 - Unauthenticated SQLi
75RISCO
abrir
Nucleimedium
Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting
Companion Sitemap Generator < 4.5.3 - Reflected XSS
18RISCO
abrir
Nucleimedium
Ninja Forms < 3.6.22 - Cross-Site Scripting
Ninja Forms < 3.6.22 - Reflected XSS
28RISCO
abrir
Nucleimedium
Phpmyfaq v3.1.11 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
36RISCO
abrir
Nucleimedium
Tablesome < 1.0.9 - Cross-Site Scripting
Tablesome < 1.0.9 - Reflected XSS
28RISCO
abrir
Nucleicritical
Sidekiq < 7.0.8 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq
36RISCO
abrir
Nucleihigh
Login with Phone Number - Cross-Site Scripting
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerabili
48RISCO
abrir
Nucleihigh
Mlflow <2.3.0 - Local File Inclusion
Relative Path Traversal in mlflow/mlflow
43RISCO
abrir
Nucleimedium
Joomla! Webservice - Password Disclosure
CVE-2023-23752MEDIUMsob ataque
[20230201] - Core - Improper access check in webservice endpoints
100RISCO
abrir
Nucleimedium
Ozette Plugins - Cross-Site Request Forgery
WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF)
28RISCO
abrir
Nucleicritical
WordPress GamiPress <= 2.5.7 - SQL Injection
WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection
36RISCO
abrir
Nucleihigh
CData RSB Connect v22.0.8336 - Server Side Request Forgery
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
36RISCO
abrir
Nucleimedium
Squidex <7.4.0 - Cross-Site Scripting
Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
28RISCO
abrir
Nucleimedium
mojoPortal 2.7.0.0 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows atta
40RISCO
abrir
Nucleimedium
Temenos T24 R20 - Cross-Site Scripting
15RISCO
abrir
Nucleicritical
UserPro <= 5.1.1 - Authentication Bypass
UserPro <= 5.1.1 - Authentication Bypass to Administrator
63RISCO
abrir
Nucleimedium
Citrix Gateway and Citrix ADC - Cross-Site Scripting
Cross site scripting
70RISCO
abrir
Nucleicritical
Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution
CVE-2023-24489CRITICALsob ataque
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, coul
100RISCO
abrir
Nucleimedium
phpIPAM - 1.6 - Cross-Site Scripting
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter
48RISCO
abrir
Nucleimedium
PMB 7.4.6 - Cross-Site Scripting
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /ad
18RISCO
abrir
Nucleimedium
PMB 7.4.6 - Open Redirect
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerabil
18RISCO
abrir
Nucleimedium
PMB v7.4.6 - Cross-Site Scripting
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /ad
18RISCO
abrir
Nucleicritical
Appium Desktop Server - Remote Code Execution
OS Command Injection in appium/appium-desktop
48RISCO
abrir
Nucleicritical
vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP reques
68RISCO
abrir
Nucleicritical
GeoServer OGC Filter - SQL Injection
Unfiltered SQL Injection Vulnerabilities in Geoserver
85RISCO
abrir
anteriorpágina 60 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.