Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
CVE-2023-23286MEDIUM05 abr 2023
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the s
33RIESGO
abrir
Exploit-DB
Apache Tomcat 10.1 - Denial Of Service
CVE-2022-2988505 abr 2023
EncryptInterceptor does not provide complete protection on insecure networks
45RIESGO
abrir
Exploit-DB
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
CVE-2022-48110MEDIUM05 abr 2023
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CK
33RIESGO
abrir
Exploit-DB
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
CVE-2022-2846MEDIUM05 abr 2023
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
33RIESGO
abrir
Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
CVE-2022-44268MEDIUM05 abr 2023
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RIESGO
abrir
Exploit-DB
Binwalk v2.3.2 - Remote Command Execution (RCE)
CVE-2022-4510HIGH05 abr 2023
Path Traversal in binwalk
46RIESGO
abrir
Exploit-DB
ImageMagick 7.1.0-49 - DoS
CVE-2022-44267MEDIUM05 abr 2023
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RIESGO
abrir
Exploit-DB
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
CVE-2023-0214MEDIUM05 abr 2023
XSS in Skyhigh Security SWG
33RIESGO
abrir
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
CVE-2020-5330HIGH05 abr 2023
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22
46RIESGO
abrir
Exploit-DB
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
CVE-2023-0315HIGH05 abr 2023
Command Injection in froxlor/froxlor
78RIESGO
abrir
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
CVE-2019-15993HIGH05 abr 2023
Cisco Small Business Switches Information Disclosure Vulnerability
46RIESGO
abrir
Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
CVE-2023-0493MEDIUM05 abr 2023
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RIESGO
abrir
Exploit-DB
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
CVE-2022-46604HIGH05 abr 2023
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanis
41RIESGO
abrir
Exploit-DB
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
CVE-2022-46552HIGH05 abr 2023
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan
46RIESGO
abrir
Exploit-DB
Liferay Portal 6.2.5 - Insecure Permissions
CVE-2021-33990CRITICAL05 abr 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The
53RIESGO
abrir
Exploit-DB
Answerdev 1.0.3 - Account Takeover
CVE-2023-0744CRITICAL05 abr 2023
Improper Access Control in answerdev/answer
48RIESGO
abrir
Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-34128CRITICAL03 abr 2023
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RIESGO
abrir
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 abr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RIESGO
abrir
Exploit-DB
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
CVE-2022-31056CRITICAL03 abr 2023
SQL injection with _actor parameter in GLPI
48RIESGO
abrir
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 abr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RIESGO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
CVE-2023-2316103 abr 2023
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to e
38RIESGO
abrir
Exploit-DB
sleuthkit 4.11.1 - Command Injection
CVE-2022-45639HIGH03 abr 2023
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RIESGO
abrir
Exploit-DB
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
CVE-2022-31062MEDIUM03 abr 2023
Unauthenticated Local File Inclusion
33RIESGO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
CVE-2023-2316203 abr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter
23RIESGO
abrir
Exploit-DB
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
CVE-2022-34125MEDIUM03 abr 2023
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive informati
33RIESGO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated
CVE-2023-2316303 abr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parame
23RIESGO
abrir
Exploit-DB
Nacos 2.0.3 - Access Control vulnerability
CVE-2021-4311603 abr 2023
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on l
23RIESGO
abrir
Exploit-DB
Windows 11 10.0.22000 - Backup service Privilege Escalation
CVE-2023-21752HIGH03 abr 2023
Windows Backup Service Elevation of Privilege Vulnerability
41RIESGO
abrir
Exploit-DB
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-31126CRITICAL03 abr 2023
Unauthenticated Remote Code Execution in Roxy-wi
75RIESGO
abrir
Exploit-DB
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
CVE-2020-25213CRITICALbajo ataque03 abr 2023
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.