Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
4.190 exploits
Nucleicritical
Quiz Maker <= 6.5.8.3 - SQL Injection
Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter
68RISCO
abrir
Nucleihigh
Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
Unauthenticated Path Traversal
36RISCO
abrir
Nucleimedium
LocalAI - Partial Local File Read
SSRF and Partial LFI in /models/apply Endpoint in mudler/localai
28RISCO
abrir
Nucleicritical
Push Notification for Post and BuddyPress <= 1.93 - SQL Injection
Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi
63RISCO
abrir
Nucleimedium
TrakSYS 11.x.x - Sensitive Data Exposure
Parsec Automation TrackSYS pagedefinition direct request
28RISCO
abrir
Nucleicritical
PayPlus Payment Gateway < 6.6.9 - SQL Injection
PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
56RISCO
abrir
Nucleicritical
WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload
简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
55RISCO
abrir
Nucleicritical
NetScaler Console - Sensitive Information Disclosure
Sensitive information disclosure
48RISCO
abrir
Nucleihigh
LOLLMS WebUI - Absolute Path Traversal
Absolute Path Traversal in parisneo/lollms-webui
36RISCO
abrir
Nucleicritical
UsersWP <= 1.2.10 - Unauthenticated SQL Injection
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
43RISCO
abrir
Nucleimedium
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
28RISCO
abrir
Nucleihigh
User Profile Builder < 3.11.8 - File Upload
User Profile Builder < 3.11.8 - Unauthenticated Media Upload
68RISCO
abrir
Nucleicritical
Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite
Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim
55RISCO
abrir
Nucleihigh
Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
36RISCO
abrir
Nucleicritical
WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion
Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
63RISCO
abrir
Nucleimedium
Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
Contact Form 7 Math Captcha <= 2.0.1 - Reflected XSS
28RISCO
abrir
Nucleimedium
WP Popups - Information Disclosure
WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure
28RISCO
abrir
Nucleimedium
Campaign Monitor for WordPress - Information Disclosure
Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure
28RISCO
abrir
Nucleihigh
Lightdash v0.1024.6 - Server-Side Request Forgery
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and s
36RISCO
abrir
Nucleihigh
LiteLLM - Server-Side Request Forgery
SSRF in berriai/litellm
48RISCO
abrir
Nucleimedium
Netgear-WN604 downloadFile.php - Information Disclosure
Netgear WN604 Web Interface downloadFile.php information disclosure
40RISCO
abrir
Nucleihigh
WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting
WordPress File Upload < 4.24.8 - Reflected XSS
33RISCO
abrir
Nucleicritical
WhatsUp Gold HasErrors SQL Injection - Authentication Bypass
CVE-2024-6670CRITICALsob ataqueransomware
WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
100RISCO
abrir
Nucleicritical
WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass
WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability
48RISCO
abrir
Nucleimedium
WP Content Copy Protection & No Right Click - Open Redirect
WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect
28RISCO
abrir
Nucleimedium
EasySpider 0.6.2 - Arbitrary File Read
NaiboWang EasySpider HTTP GET Request server.js path traversal
28RISCO
abrir
Nucleihigh
Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting
Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting
36RISCO
abrir
Nucleihigh
Calibre <= 7.14.0 Arbitrary File Read
Calibre Arbitrary File Read
48RISCO
abrir
Nucleicritical
Calibre <= 7.14.0 Remote Code Execution
Calibre Remote Code Execution
85RISCO
abrir
Nucleihigh
AnythingLLM - Information Disclosure
Exposure of Sensitive Information in mintplex-labs/anything-llm
41RISCO
abrir
anteriorpágina 64 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.