Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleihigh
VMware Aria Operations for Networks - Remote Code Execution
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network acc
58RISCO
abrir
Nucleihigh
VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to
58RISCO
abrir
Nucleimedium
Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Purchase Order Management v1.0 - SQL Injection
SourceCodester Purchase Order Management System GET Parameter view_details.php sql injection
28RISCO
abrir
Nucleimedium
Aajoda Testimonials < 2.2.2 - Cross-Site Scripting
Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS
18RISCO
abrir
Nucleihigh
Oracle Peoplesoft - Unauthenticated File Read
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported vers
58RISCO
abrir
Nucleimedium
Adobe Connect < 12.1.5 - Local File Disclosure
Adobe Connect Improper Access Control Security feature bypass
70RISCO
abrir
Nucleimedium
Seo By 10Web < 1.2.7 - Cross-Site Scripting
Seo By 10Web < 1.2.7 - Admin+ Stored XSS
28RISCO
abrir
Nucleicritical
Modoboa < 2.1.0 - Improper Authorization
Improper Authorization in modoboa/modoboa
55RISCO
abrir
Nucleimedium
Web2py URL - Open Redirect
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirec
28RISCO
abrir
Nucleicritical
KubePi JwtSigKey - Admin Authentication Bypass
KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token
55RISCO
abrir
Nucleihigh
KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access
KubePi is vulnerable to missing authorization
36RISCO
abrir
Nucleicritical
KubeOperator Foreground `kubeconfig` - File Download
KubeOperator is vulnerable to unauthorized access to system API
48RISCO
abrir
Nucleicritical
Atlassian Confluence - Privilege Escalation
CVE-2023-22515CRITICALsob ataqueransomware
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISCO
abrir
Nucleicritical
Atlassian Confluence Server - Improper Authorization
CVE-2023-22518CRITICALsob ataqueransomware
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authoriz
100RISCO
abrir
Nucleilow
Directorist < 7.5.4 - Local File Inclusion
Directorist < 7.5.4 - Admin+ LFI
23RISCO
abrir
Nucleicritical
Atlassian Confluence - Remote Code Execution
CVE-2023-22527CRITICALsob ataqueransomware
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated atta
100RISCO
abrir
Nucleihigh
WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting
Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleihigh
SecurePoint UTM 12.x Session ID Leak
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid infor
36RISCO
abrir
Nucleihigh
Strapi Versions <=4.5.5 - SSTI to Remote Code Execution
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitra
85RISCO
abrir
Nucleimedium
Tiempo.com <= 0.1.2 - Cross-Site Scripting
Tiempo.com <= 0.1.2 - Reflected XSS
18RISCO
abrir
Nucleihigh
Strapi Versions <=4.5.6 - Authentication Bypass
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login pro
36RISCO
abrir
Nucleimedium
Securepoint UTM - Leaking Remote Memory Contents
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information dis
28RISCO
abrir
Nucleihigh
SugarCRM Unauthenticated - Remote Code Execution
CVE-2023-22952HIGHsob ataque
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RISCO
abrir
Nucleihigh
Cellinx NVT Web Server - Local File Disclosure
Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFi
38RISCO
abrir
Nucleimedium
wpForo Forum <= 2.1.8 - Cross-Site Scripting
wpForo Forum < 2.1.9 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
Art Gallery Management System Project v1.0 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RISCO
abrir
Nucleicritical
SolarView Compact 6.00 - OS Command Injection
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RISCO
abrir
Nucleicritical
WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISCO
abrir
Nucleicritical
WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection
48RISCO
abrir
anteriorpágina 62 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.