Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
GitLab CE/EE < 16.7.2 - Password Reset
CVE-2023-7028CRITICALbajo ataque14 mar 2024
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RIESGO
abrir
Exploit-DB
SolarView Compact 6.00 - Command Injection
CVE-2023-23333CRITICAL14 mar 2024
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RIESGO
abrir
Exploit-DB
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
CVE-2023-42793CRITICALbajo ataqueransomware14 mar 2024
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RIESGO
abrir
Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
CVE-2023-5702MEDIUM14 mar 2024
Viessmann Vitogate 300 direct request
38RIESGO
abrir
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow
CVE-2024-25003HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insuf
41RIESGO
abrir
Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
CVE-2023-5222MEDIUM14 mar 2024
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password
70RIESGO
abrir
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
CVE-2024-25004HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RIESGO
abrir
Exploit-DB
KiTTY 0.76.1.13 - Command Injection
CVE-2024-23749HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insuffic
41RIESGO
abrir
Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
CVE-2024-25832HIGH10 mar 2024
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to
46RIESGO
abrir
Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
CVE-2024-25830CRITICAL10 mar 2024
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An una
53RIESGO
abrir
Exploit-DB
Hide My WP < 6.2.9 - Unauthenticated SQLi
CVE-2022-4681CRITICAL10 mar 2024
Hide My WP < 6.2.9 - Unauthenticated SQLi
48RIESGO
abrir
Exploit-DB
Ladder v0.0.21 - Server-side request forgery (SSRF)
CVE-2024-27620HIGH10 mar 2024
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request
41RIESGO
abrir
Exploit-DB
Akaunting < 3.1.3 - RCE
CVE-2024-22836CRITICAL10 mar 2024
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company loc
60RIESGO
abrir
Exploit-DB
Numbas < v7.3 - Remote Code Execution
CVE-2024-27612MEDIUM10 mar 2024
Numbas editor before 7.3 mishandles editing of themes and extensions.
38RIESGO
abrir
Exploit-DB
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
CVE-2024-27744MEDIUM03 mar 2024
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RIESGO
abrir
Exploit-DB
Petrol Pump Management Software v.1.0 - SQL Injection
CVE-2024-27746CRITICAL03 mar 2024
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a c
53RIESGO
abrir
Exploit-DB
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload
CVE-2024-27747CRITICAL03 mar 2024
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a cra
53RIESGO
abrir
Exploit-DB
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
CVE-2024-27743MEDIUM03 mar 2024
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RIESGO
abrir
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration
CVE-2024-25734HIGH26 feb 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only a
41RIESGO
abrir
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'
CVE-2024-25735CRITICAL26 feb 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RIESGO
abrir
Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'
CVE-2024-25736HIGH26 feb 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /d
41RIESGO
abrir
Exploit-DB
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
CVE-2023-3897MEDIUM19 feb 2024
Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page
33RIESGO
abrir
Exploit-DB
Media Library Assistant Wordpress Plugin - RCE and LFI
CVE-2023-4634CRITICAL09 oct 2023
Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
85RIESGO
abrir
Exploit-DB
Clcknshop 1.0.0 - SQL Injection
CVE-2023-4708MEDIUM09 oct 2023
Infosoftbd Clcknshop GET Parameter all sql injection
45RIESGO
abrir
Exploit-DB
Cacti 1.2.24 - Authenticated command injection when using SNMP options
CVE-2023-39362HIGH09 oct 2023
Authenticated command injection in SNMP options of a Device
63RIESGO
abrir
Exploit-DB
BoidCMS v2.0.0 - authenticated file upload vulnerability
CVE-2023-3883609 oct 2023
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header t
50RIESGO
abrir
Exploit-DB
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
CVE-2023-4278HIGH09 oct 2023
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
41RIESGO
abrir
Exploit-DB
Splunk 9.0.5 - admin account take over
CVE-2023-32707HIGH09 oct 2023
‘edit_user’ Capability Privilege Escalation
78RIESGO
abrir
Exploit-DB
GLPI GZIP(Py3) 9.4.5 - RCE
CVE-2020-11060HIGH09 oct 2023
Remote Code Execution in GLPI
46RIESGO
abrir
Exploit-DB
Minio 2022-07-29T19-40-48Z - Path traversal
CVE-2022-35919HIGH09 oct 2023
Authenticated requests for server update admin API allows path traversal in minio
53RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.