Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleimedium
Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleimedium
Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleimedium
Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleimedium
Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleimedium
Updater by BestWebSoft < 1.35 - Cross-Site Scripting
The updater plugin before 1.35 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleimedium
User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleicritical
WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or use
23RIESGO
abrir ↗Nucleimedium
Timesheet Plugin < 0.1.5 - Cross-Site Scripting
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
18RIESGO
abrir ↗Nucleimedium
WordPress Qards - Cross-Site Scripting
The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2c
18RIESGO
abrir ↗Nucleihigh
Graphite <=1.1.5 - Server-Side Request Forgery
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulner
23RIESGO
abrir ↗Nucleimedium
Formidable Forms < 2.05.02 - Cross-Site Scripting
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
56RIESGO
abrir ↗Nucleimedium
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
28RIESGO
abrir ↗Nucleimedium
FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec
38RIESGO
abrir ↗Nucleimedium
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthor
38RIESGO
abrir ↗Nucleimedium
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthor
43RIESGO
abrir ↗Nucleihigh
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RIESGO
abrir ↗Nucleimedium
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li
43RIESGO
abrir ↗Nucleimedium
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x a
18RIESGO
abrir ↗Nucleihigh
NETGEAR Routers - Authentication Bypass
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R
100RIESGO
abrir ↗Nucleimedium
KMCIS CaseAware - Cross-Site Scripting
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr"
38RIESGO
abrir ↗Nucleicritical
Apache Struts 2 - Remote Command Execution
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir ↗Nucleicritical
Intel Active Management - Authentication Bypass
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RIESGO
abrir ↗Nucleimedium
OpenVPN Access Server 2.1.4 - CRLF Injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbit
18RIESGO
abrir ↗Nucleimedium
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive in
18RIESGO
abrir ↗Nucleihigh
Kodi 17.1 - Local File Inclusion
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files v
40RIESGO
abrir ↗Nucleicritical
JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer,
23RIESGO
abrir ↗Nucleihigh
PhpColl 2.5.1 Arbitrary File Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RIESGO
abrir ↗Nucleimedium
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
38RIESGO
abrir ↗Nucleicritical
Windows Server 2003 & IIS 6.0 - Remote Code Execution
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RIESGO
abrir ↗Nucleimedium
Magmi 0.7.22 - Cross-Site Scripting
A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration o
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.