Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remot
18RIESGO
abrir
Nucleimedium
Atlassian Confluence <5.8.17 - Information Disclosure
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName p
50RIESGO
abrir
Nucleihigh
Joomla HTTP Header Unauthenticated - Remote Code Execution
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RIESGO
abrir
Nucleihigh
Umbraco <7.4.0- Server-Side Request Forgery
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 a
23RIESGO
abrir
Nucleimedium
NewStatPress <=1.0.4 - Cross-Site Scripting
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
18RIESGO
abrir
Nucleicritical
404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
50RIESGO
abrir
Nucleihigh
mTheme Unus < 2.3 - Directory Traversal
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary
30RIESGO
abrir
Nucleimedium
WordPress Symposium <=15.8.1 - Cross-Site Scripting
The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?
18RIESGO
abrir
Nucleihigh
BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
18RIESGO
abrir
Nucleihigh
WordPress RobotCPA 5 - Directory Traversal
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
23RIESGO
abrir
Nucleicritical
WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
23RIESGO
abrir
Nucleihigh
Adobe AEM Dispatcher <4.15 - Rules Bypass
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, wh
30RIESGO
abrir
Nucleimedium
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
Reflected XSS in wordpress plugin admin-font-editor v1.8
18RIESGO
abrir
Nucleimedium
WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
Reflected XSS in wordpress plugin ajax-random-post v2.00
18RIESGO
abrir
Nucleimedium
WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
Reflected XSS in wordpress plugin anti-plagiarism v3.60
18RIESGO
abrir
Nucleimedium
WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
Reflected XSS in wordpress plugin defa-online-image-protector v3.3
18RIESGO
abrir
Nucleimedium
WordPress e-search <=1.0 - Cross-Site Scripting
Reflected XSS in wordpress plugin e-search v1.0
18RIESGO
abrir
Nucleimedium
WordPress e-search <=1.0 - Cross-Site Scripting
Reflected XSS in wordpress plugin e-search v1.0
18RIESGO
abrir
Nucleimedium
WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
18RIESGO
abrir
Nucleimedium
WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
18RIESGO
abrir
Nucleimedium
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
Reflected XSS in wordpress plugin hdw-tube v1.2
18RIESGO
abrir
Nucleimedium
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
Reflected XSS in wordpress plugin hdw-tube v1.2
18RIESGO
abrir
Nucleimedium
WordPress heat-trackr 1.0 - Cross-Site Scripting
Reflected XSS in wordpress plugin heat-trackr v1.0
18RIESGO
abrir
Nucleimedium
WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
18RIESGO
abrir
Nucleimedium
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
Reflected XSS in wordpress plugin indexisto v1.0.5
18RIESGO
abrir
Nucleimedium
WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting
Reflected XSS in wordpress plugin infusionsoft v1.5.11
18RIESGO
abrir
Nucleimedium
WordPress New Year Firework <=1.1.9 - Cross-Site Scripting
Reflected XSS in wordpress plugin new-year-firework v1.1.9
18RIESGO
abrir
Nucleimedium
WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
18RIESGO
abrir
Nucleimedium
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
Reflected XSS in wordpress plugin parsi-font v4.2.5
18RIESGO
abrir
Nucleimedium
WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
Reflected XSS in wordpress plugin photoxhibit v2.1.8
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.