Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the s
33RIESGO
abrir ↗Exploit-DB
Apache Tomcat 10.1 - Denial Of Service
EncryptInterceptor does not provide complete protection on insecure networks
45RIESGO
abrir ↗Exploit-DB
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CK
33RIESGO
abrir ↗Exploit-DB
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
33RIESGO
abrir ↗Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RIESGO
abrir ↗Exploit-DB
ImageMagick 7.1.0-49 - DoS
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RIESGO
abrir ↗Exploit-DB
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
XSS in Skyhigh Security SWG
33RIESGO
abrir ↗Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22
46RIESGO
abrir ↗Exploit-DB
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
Command Injection in froxlor/froxlor
78RIESGO
abrir ↗Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
Cisco Small Business Switches Information Disclosure Vulnerability
46RIESGO
abrir ↗Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RIESGO
abrir ↗Exploit-DB
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanis
41RIESGO
abrir ↗Exploit-DB
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan
46RIESGO
abrir ↗Exploit-DB
Liferay Portal 6.2.5 - Insecure Permissions
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The
53RIESGO
abrir ↗Exploit-DB
Answerdev 1.0.3 - Account Takeover
Improper Access Control in answerdev/answer
48RIESGO
abrir ↗Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RIESGO
abrir ↗Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RIESGO
abrir ↗Exploit-DB
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
SQL injection with _actor parameter in GLPI
48RIESGO
abrir ↗Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RIESGO
abrir ↗Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RIESGO
abrir ↗Exploit-DB
sleuthkit 4.11.1 - Command Injection
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RIESGO
abrir ↗Exploit-DB
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
Unauthenticated Local File Inclusion
33RIESGO
abrir ↗Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter
23RIESGO
abrir ↗Exploit-DB
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive informati
33RIESGO
abrir ↗Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parame
23RIESGO
abrir ↗Exploit-DB
Nacos 2.0.3 - Access Control vulnerability
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on l
23RIESGO
abrir ↗Exploit-DB
Windows 11 10.0.22000 - Backup service Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Exploit-DB
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
Unauthenticated Remote Code Execution in Roxy-wi
75RIESGO
abrir ↗Exploit-DB
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.