Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
CVE-2023-263628 jul 2023
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
23RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3847LOW28 jul 2023
mooSocial mooDating URL users cross site scripting
43RIESGO
abrir
Exploit-DB
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
CVE-2023-38501MEDIUM28 jul 2023
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3846LOW28 jul 2023
mooSocial mooDating URL pages cross site scripting
43RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3845LOW28 jul 2023
mooSocial mooDating URL ajax_invite cross site scripting
43RIESGO
abrir
Exploit-DB
RosarioSIS 10.8.4 - CSV Injection
CVE-2023-29918MEDIUM28 jul 2023
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
33RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3844LOW28 jul 2023
mooSocial mooDating URL friends cross site scripting
43RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3848LOW28 jul 2023
mooSocial mooDating URL view cross site scripting
43RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3849LOW28 jul 2023
mooSocial mooDating URL find-a-match cross site scripting
43RIESGO
abrir
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3843LOW28 jul 2023
mooSocial mooDating URL question cross site scripting
43RIESGO
abrir
Exploit-DB
RWS WorldServer 11.7.3 - Session Token Enumeration
CVE-2023-3835720 jul 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized a
23RIESGO
abrir
Exploit-DB
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
CVE-2023-33148HIGH20 jul 2023
Microsoft Office Elevation of Privilege Vulnerability
41RIESGO
abrir
Exploit-DB
pfSense v2.7.0 - OS Command Injection
CVE-2023-2725320 jul 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RIESGO
abrir
Exploit-DB
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
CVE-2023-3762919 jul 2023
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by send
43RIESGO
abrir
Exploit-DB
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
CVE-2022-28171HIGH19 jul 2023
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to t
53RIESGO
abrir
Exploit-DB
ABB FlowX v4.00 - Exposure of Sensitive Information
CVE-2023-1258MEDIUM19 jul 2023
Flow-X disclosure of sensitive information to unauthenticated users
33RIESGO
abrir
Exploit-DB
Icinga Web 2.10 - Authenticated Remote Code Execution
CVE-2022-24715HIGH15 jul 2023
Arbitrary code execution for authenticated users in Icinga Web 2
46RIESGO
abrir
Exploit-DB
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
CVE-2023-37269LOW15 jul 2023
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
28RIESGO
abrir
Exploit-DB
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
CVE-2019-1937CRITICAL15 jul 2023
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RIESGO
abrir
Exploit-DB
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
CVE-2022-22963CRITICALbajo ataque11 jul 2023
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RIESGO
abrir
Exploit-DB
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
CVE-2023-3616311 jul 2023
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code
23RIESGO
abrir
Exploit-DB
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
CVE-2023-33131HIGH07 jul 2023
Microsoft Outlook Remote Code Execution Vulnerability
41RIESGO
abrir
Exploit-DB
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
CVE-2022-21907CRITICAL07 jul 2023
HTTP Protocol Stack Remote Code Execution Vulnerability
70RIESGO
abrir
Exploit-DB
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
CVE-2023-33145MEDIUM06 jul 2023
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
33RIESGO
abrir
Exploit-DB
Lost and Found Information System v1.0 - SQL Injection
CVE-2023-3359206 jul 2023
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lf
23RIESGO
abrir
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
CVE-2023-28285HIGH03 jul 2023
Microsoft Office Remote Code Execution Vulnerability
41RIESGO
abrir
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
CVE-2023-33137HIGH03 jul 2023
Microsoft Excel Remote Code Execution Vulnerability
41RIESGO
abrir
Exploit-DB
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
CVE-2023-3634603 jul 2023
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RIESGO
abrir
Exploit-DB
WP AutoComplete 1.0.4 - Unauthenticated SQLi
CVE-2022-4297CRITICAL03 jul 2023
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
48RIESGO
abrir
Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
CVE-2023-3634803 jul 2023
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.