Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
CVE-2023-31747HIGH25 may 2023
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the comp
41RIESGO
abrir
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
CVE-2020-6627CRITICAL25 may 2023
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS comman
53RIESGO
abrir
Exploit-DB
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2023-3169823 may 2023
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's securit
23RIESGO
abrir
Exploit-DB
Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
CVE-2023-31873HIGH23 may 2023
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
41RIESGO
abrir
Exploit-DB
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
CVE-2023-27350CRITICALbajo ataqueransomware23 may 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir
Exploit-DB
Optoma 1080PSTX Firmware C02 - Authentication Bypass
CVE-2023-27823CRITICAL23 may 2023
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid cr
60RIESGO
abrir
Exploit-DB
Apache Superset 2.0.0 - Authentication Bypass
CVE-2023-27524HIGHbajo ataque23 may 2023
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir
Exploit-DB
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
CVE-2023-1934CRITICAL23 may 2023
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL
48RIESGO
abrir
Exploit-DB
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
CVE-2023-30256MEDIUM23 may 2023
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive informat
48RIESGO
abrir
Exploit-DB
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
CVE-2023-31703CRITICAL23 may 2023
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allo
48RIESGO
abrir
Exploit-DB
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
CVE-2023-31702HIGH23 may 2023
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to d
41RIESGO
abrir
Exploit-DB
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
CVE-2023-31699MEDIUM23 may 2023
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
33RIESGO
abrir
Exploit-DB
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
CVE-2023-25439MEDIUM23 may 2023
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitr
33RIESGO
abrir
Exploit-DB
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
CVE-2022-41544HIGH23 may 2023
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file paramete
41RIESGO
abrir
Exploit-DB
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
CVE-2023-31874HIGH23 may 2023
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_pro
41RIESGO
abrir
Exploit-DB
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
CVE-2023-25440MEDIUM23 may 2023
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to exe
33RIESGO
abrir
Exploit-DB
FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
CVE-2022-2591HIGH13 may 2023
TEM FLEX-1085 reboot denial of service
41RIESGO
abrir
Exploit-DB
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
CVE-2022-47875HIGH05 may 2023
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to ex
46RIESGO
abrir
Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
CVE-2022-47876CRITICAL05 may 2023
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code v
48RIESGO
abrir
Exploit-DB
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
CVE-2022-47874MEDIUM05 may 2023
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of dat
38RIESGO
abrir
Exploit-DB
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
CVE-2022-47878CRITICAL05 may 2023
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authentica
60RIESGO
abrir
Exploit-DB
Jedox 2022.4.2 - Code Execution via RPC Interfaces
CVE-2022-47879HIGH05 may 2023
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load a
41RIESGO
abrir
Exploit-DB
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
CVE-2022-47880MEDIUM05 may 2023
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users wi
33RIESGO
abrir
Exploit-DB
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
CVE-2023-2246MEDIUM05 may 2023
SourceCodester Online Pizza Ordering System unrestricted upload
33RIESGO
abrir
Exploit-DB
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
CVE-2022-47877CRITICAL05 may 2023
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web
48RIESGO
abrir
Exploit-DB
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
CVE-2023-25438HIGH02 may 2023
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalat
41RIESGO
abrir
Exploit-DB
FS-S3900-24T4S - Privilege Escalation
CVE-2023-30350HIGH02 may 2023
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin
41RIESGO
abrir
Exploit-DB
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
CVE-2023-1671CRITICALbajo ataque25 abr 2023
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10
100RIESGO
abrir
Exploit-DB
PaperCut NG/MG 22.0.4 - Authentication Bypass
CVE-2023-27350CRITICALbajo ataqueransomware25 abr 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir
Exploit-DB
KodExplorer 4.49 - CSRF to Arbitrary File Upload
CVE-2022-4944MEDIUM25 abr 2023
kalcaddle KodExplorer cross-site request forgery
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.