Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
Remote Code Execution, RCE
48RIESGO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
Data Validation / Sanitization
48RIESGO
abrir ↗Exploit-DB
Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7
100RIESGO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
Remote Code Execution, RCE
48RIESGO
abrir ↗Exploit-DB
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
Cacti RCE vulnerability when importing packages
85RIESGO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
Credentails Disclosure
41RIESGO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
Cross Site Scripting XSS
48RIESGO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
Cross Site Scripting XSS
48RIESGO
abrir ↗Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
Cross Site Scripting XSS
48RIESGO
abrir ↗Exploit-DB
OpenPanel 0.3.4 - Directory Traversal
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager
48RIESGO
abrir ↗Exploit-DB
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and en
48RIESGO
abrir ↗Exploit-DB
OpenPanel 0.3.4 - Incorrect Access Control
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to exec
41RIESGO
abrir ↗Exploit-DB
OpenPanel 0.3.4 - OS Command Injection
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.
48RIESGO
abrir ↗Exploit-DB
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to exec
41RIESGO
abrir ↗Exploit-DB
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[use
23RIESGO
abrir ↗Exploit-DB
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actio
41RIESGO
abrir ↗Exploit-DB
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin
33RIESGO
abrir ↗Exploit-DB
GestioIP 3.5.7 - Remote Command Execution (RCE)
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RIESGO
abrir ↗Exploit-DB
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
23RIESGO
abrir ↗Exploit-DB
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
Information disclosures
33RIESGO
abrir ↗Exploit-DB
Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
85RIESGO
abrir ↗Exploit-DB
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low p
41RIESGO
abrir ↗Exploit-DB
GeoVision GV-ASManager 6.1.1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less tha
41RIESGO
abrir ↗Exploit-DB
flatCore 1.5 - Cross Site Request Forgery (CSRF)
A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.
23RIESGO
abrir ↗Exploit-DB
MiniCMS 1.1 - Cross Site Scripting (XSS)
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={pa
23RIESGO
abrir ↗Exploit-DB
qBittorrent 5.0.1 - MITM RCE
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.
41RIESGO
abrir ↗Exploit-DB
Gnuboard5 5.3.2.8 - SQL Injection
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
23RIESGO
abrir ↗Exploit-DB
LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
75RIESGO
abrir ↗Exploit-DB
MagnusSolution magnusbilling 7.3.0 - Command Injection
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.