Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleihigh
Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RIESGO
abrir ↗Nucleihigh
DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
100RIESGO
abrir ↗Nucleimedium
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HT
38RIESGO
abrir ↗Nucleicritical
Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unr
100RIESGO
abrir ↗Nucleimedium
WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename par
43RIESGO
abrir ↗Nucleimedium
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
50RIESGO
abrir ↗Nucleimedium
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web sc
18RIESGO
abrir ↗Nucleicritical
WordPress Gift Voucher <4.1.8 - Blind SQL Injection
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/ad
30RIESGO
abrir ↗Nucleicritical
LogonTracer <=1.2.0 - Remote Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
60RIESGO
abrir ↗Nucleicritical
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
50RIESGO
abrir ↗Nucleihigh
LG SuperSign EZ CMS 2.5 - Local File Inclusion
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
50RIESGO
abrir ↗Nucleihigh
WordPress Localize My Post 1.0 - Local File Inclusion
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
50RIESGO
abrir ↗Nucleimedium
WordPress File Manager < 3.0 - Cross-Site Scripting
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_f
18RIESGO
abrir ↗Nucleimedium
CirCarLife <4.3 - Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the l
18RIESGO
abrir ↗Nucleimedium
CirCarLife <4.3 - Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authenticatio
23RIESGO
abrir ↗Nucleimedium
CirCarLife <4.3 - Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack
18RIESGO
abrir ↗Nucleicritical
NCBI ToolBox - Directory Traversal
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, whic
18RIESGO
abrir ↗Nucleimedium
Eventum <3.4.0 - Open Redirect
Eventum before 3.4.0 has an open redirect vulnerability.
18RIESGO
abrir ↗Nucleicritical
FUEL CMS 1.4.1 - Remote Code Execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RIESGO
abrir ↗Nucleicritical
Rubedo CMS <=3.4.0 - Directory Traversal
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attac
50RIESGO
abrir ↗Nucleimedium
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related i
18RIESGO
abrir ↗Nucleimedium
Apache2 - Transfer-Encoding Chunked XSS
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS
18RIESGO
abrir ↗Nucleicritical
Western Digital MyCloud NAS - Authentication Bypass
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulne
40RIESGO
abrir ↗Nucleicritical
LG Supersign EZ CMS - Remote Code Execution
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RIESGO
abrir ↗Nucleicritical
WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RIESGO
abrir ↗Nucleicritical
Kibana - Local File Inclusion
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with
60RIESGO
abrir ↗Nucleicritical
Joomla! JCK Editor SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
60RIESGO
abrir ↗Nucleihigh
Zoho ManageEngine OpManager - SQL Injection
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as de
30RIESGO
abrir ↗Nucleimedium
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/
18RIESGO
abrir ↗Nucleicritical
Comodo Unified Threat Management Web Console - Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.