Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.190 exploits
Nucleicritical
Honeywell PM43 Printers - Command Injection
Printer web page invalid command execution
75RISCO
abrir ↗Nucleimedium
PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting
PHP Jabbers Shuttle Booking Software index.php cross site scripting
48RISCO
abrir ↗Nucleimedium
PHPJabbers Service Booking Script 1.0 - Cross Site Scripting
PHP Jabbers Service Booking Script index.php cross site scripting
48RISCO
abrir ↗Nucleimedium
PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting
PHP Jabbers Night Club Booking Software index.php cross site scripting
48RISCO
abrir ↗Nucleimedium
PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting
PHP Jabbers Cleaning Business index.php cross site scripting
48RISCO
abrir ↗Nucleimedium
PHPJabbers Taxi Booking 2.0 - Cross Site Scripting
PHP Jabbers Taxi Booking index.php cross site scripting
48RISCO
abrir ↗Nucleicritical
Qlik Sense Enterprise - HTTP Request Smuggling
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and ear
100RISCO
abrir ↗Nucleimedium
Qlik Sense Enterprise - Path Traversal
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, Feb
100RISCO
abrir ↗Nucleimedium
CrafterCMS Engine - Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine
36RISCO
abrir ↗Nucleimedium
Store Locator WordPress < 1.4.13 - Cross-Site Scripting
Store Locator WordPress < 1.4.13 - Reflected XSS
28RISCO
abrir ↗Nucleimedium
PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
18RISCO
abrir ↗Nucleimedium
EyouCms v1.6.2 - Cross-Site Scripting
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/t
18RISCO
abrir ↗Nucleimedium
JFinalCMS v5.0.0 - Directory Traversal
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traver
23RISCO
abrir ↗Nucleimedium
Emlog Pro v2.1.14 - Cross-Site Scripting
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
18RISCO
abrir ↗Nucleimedium
RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealG
18RISCO
abrir ↗Nucleihigh
Adlisting Classified Ads 2.14.0 - Information Disclosure
Templatecookie Adlisting Redirect ad-list information disclosure
60RISCO
abrir ↗Nucleihigh
Ruijie RG-EW1200G Router - Password Reset
Ruijie RG-EW1200G Administrator Password set_passwd access control
40RISCO
abrir ↗Nucleimedium
mooSocial 3.1.8 - Reflected XSS
mooSocial mooStore index cross site scripting
43RISCO
abrir ↗Nucleimedium
mooSocial 3.1.6 - Reflected Cross Site Scripting
mooSocial mooStore cross site scripting
43RISCO
abrir ↗Nucleimedium
Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
Skype for Business Elevation of Privilege Vulnerability
80RISCO
abrir ↗Nucleicritical
CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution
Craft CMS Remote Code Execution vulnerability
85RISCO
abrir ↗Nucleihigh
ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability
36RISCO
abrir ↗Nucleimedium
Chamilo LMS <= 1.11.24 - Remote Code Execution
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir ↗Nucleimedium
OpenCMS - Cross-Site Scripting
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
28RISCO
abrir ↗Nucleihigh
OpenCMS - XML external entity (XXE)
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/
56RISCO
abrir ↗Nucleimedium
JumpServer > 3.6.4 - Information Disclosure
JumpServer session replays download without authentication
48RISCO
abrir ↗Nucleicritical
JetBrains TeamCity < 2023.05.4 - Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RISCO
abrir ↗Nucleihigh
WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting
Post Timeline < 2.2.6 - Reflected XSS
18RISCO
abrir ↗Nucleicritical
CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.