Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.622exploits catalogados
32.030CVEs com exploração pública
1.932testados em laboratório
TodosExploit-DB 22.786Referência 19.896GitHub PoC 13.187VulnCheck XDB 8.100Nuclei 4.191Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.191 exploits
Nucleicritical
Zabbix <=4.4 - Authentication Bypass
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass
30RISCO
abrir ↗Nucleihigh
MetInfo 7.0.0 beta - SQL Injection
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchPa
30RISCO
abrir ↗Nucleicritical
Jfrog Artifactory <6.17.0 - Default Admin Password
JFrog Artifactory does not enforce default admin password change
55RISCO
abrir ↗Nucleimedium
Kirona Dynamic Resource Scheduler - Information Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RISCO
abrir ↗Nucleicritical
D-Link DIR-868L/817LW - Information Disclosure
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 route
30RISCO
abrir ↗Nucleihigh
Jiangnan Online Judge 0.8.0 - Local File Inclusion
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=
23RISCO
abrir ↗Nucleihigh
Apache Solr <=8.3.1 - Remote Code Execution
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISCO
abrir ↗Nucleicritical
Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST
30RISCO
abrir ↗Nucleicritical
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially
18RISCO
abrir ↗Nucleicritical
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISCO
abrir ↗Nucleimedium
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is m
50RISCO
abrir ↗Nucleicritical
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RISCO
abrir ↗Nucleihigh
Xiaomi Mi WiFi R3G Routers - Local file Inclusion
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerabilit
50RISCO
abrir ↗Nucleimedium
Ignite Realtime Openfire <4.42 - Local File Inclusion
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the
23RISCO
abrir ↗Nucleicritical
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allo
30RISCO
abrir ↗Nucleihigh
DOMOS 5.5 - Local File Inclusion
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
23RISCO
abrir ↗Nucleicritical
strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RISCO
abrir ↗Nucleihigh
Allied Telesis AT-GS950/8 - Local File Inclusion
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] al
23RISCO
abrir ↗Nucleicritical
Xfilesharing 2.5.1 - Arbitrary File Upload
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951
30RISCO
abrir ↗Nucleimedium
MicroStrategy Library <11.1.3 - Cross-Site Scripting
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
18RISCO
abrir ↗Nucleimedium
Cisco RV110W RV130W RV215W Router - Information leakage
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
40RISCO
abrir ↗Nucleimedium
WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index
18RISCO
abrir ↗Nucleimedium
Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker ca
43RISCO
abrir ↗Nucleilow
Huawei Firewall - Local File Inclusion
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100,
18RISCO
abrir ↗Nucleimedium
Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
Cisco Small Business Series Switches Open Redirect Vulnerability
53RISCO
abrir ↗Nucleicritical
Citrix ADC and Gateway - Directory Traversal
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir ↗Nucleihigh
TOTOLINK/Realtek Routers - Information Disclosure
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attacker
18RISCO
abrir ↗Nucleihigh
TOTOLINK/Realtek Routers - Information Disclosure
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext admin
18RISCO
abrir ↗Nucleihigh
TOTOLINK Realtek SD Routers - Remote Command Injection
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCm
23RISCO
abrir ↗Nucleicritical
TOTOLINK/Realtek Routers - CAPTCHA Bypass
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"}
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.