Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.284exploits catalogados
31.741CVEs com exploração pública
0testados em laboratório
4.191 exploits
Nucleicritical
Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmwar
85RISCO
abrir
Nucleicritical
IPS Community Suite - Unauthenticated SQL Injection
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\
43RISCO
abrir
Nucleihigh
Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write
Apache DolphinScheduler: Resource File Read And Write Vulnerability
36RISCO
abrir
Nucleimedium
Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
WordPress Sunshine Photo Cart plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
36RISCO
abrir
Nucleimedium
DataEase <= 2.4.1 - Sensitive Information Exposure
DataEase has database configuration information exposure vulnerability
53RISCO
abrir
Nucleimedium
WordPress Themify Builder < 7.5.8 - Open Redirect
Themify Builder < 7.5.8 - Open Redirect
28RISCO
abrir
Nucleimedium
WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization
WordPress Social Icons Widget & Block by WPZOOM plugin <= 4.2.15 - Broken Access Control vulnerability
28RISCO
abrir
Nucleicritical
ProfileGrid <= 5.7.8 - SQL Injection
WordPress ProfileGrid plugin <= 5.7.8 - SQL Injection vulnerability
43RISCO
abrir
Nucleicritical
CRM Perks Forms <= 1.1.4 - SQL Injection
WordPress CRM Perks Forms plugin <= 1.1.4 - Unauthenticated SQL Injection vulnerability
43RISCO
abrir
Nucleicritical
WP Travel Engine <= 5.7.9 - SQL Injection
WordPress WP Travel Engine plugin <= 5.7.9 - Unauth. Blind SQL Injection vulnerability
43RISCO
abrir
Nucleicritical
Netgear R6850 V1.1.0.88 - Command Injection
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
55RISCO
abrir
Nucleihigh
Netgear R6850 - Information Disclosure
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information wi
36RISCO
abrir
Nucleimedium
Netgear R6850 - Information Disclosure
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without
28RISCO
abrir
Nucleicritical
ASUS DSL-AC88U - Authentication Bypass
ASUS Router - Improper Authentication
55RISCO
abrir
Nucleimedium
NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
40RISCO
abrir
Nucleimedium
Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
28RISCO
abrir
Nucleicritical
MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
43RISCO
abrir
Nucleihigh
Flowise 1.6.5 - Authentication Bypass
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted sc
68RISCO
abrir
Nucleihigh
F-logic DataCube3 - SQL Injection
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the
48RISCO
abrir
Nucleimedium
CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via th
28RISCO
abrir
Nucleicritical
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedde
63RISCO
abrir
Nucleicritical
CData Connect < 23.4.8846 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded J
43RISCO
abrir
Nucleihigh
CData Arc < 23.4.8839 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty
36RISCO
abrir
Nucleihigh
TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized e
43RISCO
abrir
Nucleihigh
Next.js - Server Side Request Forgery (SSRF)
Next.js Server-Side Request Forgery in Server Actions
36RISCO
abrir
Nucleihigh
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability
36RISCO
abrir
Nucleimedium
GP Premium <= 2.4.0 - Cross-Site Scripting
GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
28RISCO
abrir
Nucleicritical
Wordpress Country State City Dropdown <=2.7.2 - SQL Injection
Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
68RISCO
abrir
Nucleihigh
LyLme-Spage - Arbitary File Upload
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to exec
43RISCO
abrir
Nucleihigh
OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
OpenAPI Generator Online - Arbitrary File Read/Delete
36RISCO
abrir
anteriorpágina 65 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.