Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
Import Legacy Media <= 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote a
18RISCO
abrir ↗Nucleimedium
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusi
18RISCO
abrir ↗Nucleimedium
Movies <= 0.6 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to i
18RISCO
abrir ↗Nucleimedium
Podcast Channels < 0.28 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote att
18RISCO
abrir ↗Nucleimedium
Shortcode Ninja <= 1.4 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier
18RISCO
abrir ↗Nucleimedium
WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earli
18RISCO
abrir ↗Nucleimedium
Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
The ultimate-weather plugin 1.0 for WordPress has XSS
18RISCO
abrir ↗Nucleimedium
WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earli
18RISCO
abrir ↗Nucleimedium
WP Planet <= 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier f
18RISCO
abrir ↗Nucleimedium
WordPress Plugin Tera Charts - Local File Inclusion
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attacker
43RISCO
abrir ↗Nucleimedium
Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to re
18RISCO
abrir ↗Nucleimedium
WordPress EasyCart <2.0.6 - Information Disclosure
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information
18RISCO
abrir ↗Nucleimedium
Fonality trixbox - Local File Inclusion
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a ..
43RISCO
abrir ↗Nucleimedium
Last.fm Rotation 1.0 - Path Traversal
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress
18RISCO
abrir ↗Nucleimedium
Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read
18RISCO
abrir ↗Nucleimedium
webEdition 6.3.8.0 - Directory Traversal
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated
43RISCO
abrir ↗Nucleimedium
WordPress Plugin WP Content Source Control - Directory Traversal
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Sour
43RISCO
abrir ↗Nucleicritical
ShellShock - Remote Code Execution
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Nucleicritical
HTTP File Server <2.3c - Remote Command Execution
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir ↗Nucleimedium
Osclass Security Advisory 3.4.1 - Local File Inclusion
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot
43RISCO
abrir ↗Nucleimedium
Simple Online Planning Tool <1.3.2 - Local File Inclusion
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attacke
50RISCO
abrir ↗Nucleihigh
Gogs (Go Git Service) - SQL Injection
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow r
50RISCO
abrir ↗Nucleicritical
WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery
60RISCO
abrir ↗Nucleimedium
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2
50RISCO
abrir ↗Nucleimedium
WordPress DZS-VideoGallery Plugin Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Vide
38RISCO
abrir ↗Nucleimedium
WordPress DB Backup <=4.5 - Local File Inclusion
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote at
43RISCO
abrir ↗Nucleimedium
Eleanor CMS - Open Redirect
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites an
18RISCO
abrir ↗Nucleimedium
Frontend Uploader <= 0.9.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to
18RISCO
abrir ↗Nucleimedium
Netsweeper 4.0.8 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.
18RISCO
abrir ↗Nucleimedium
Netsweeper 4.0.4 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote
18RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.