Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Nacos 2.0.3 - Access Control vulnerability
CVE-2021-4311603 abr 2023
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on l
23RIESGO
abrir
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 abr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RIESGO
abrir
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 abr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RIESGO
abrir
Exploit-DB
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
CVE-2022-31056CRITICAL03 abr 2023
SQL injection with _actor parameter in GLPI
48RIESGO
abrir
Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-34128CRITICAL03 abr 2023
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RIESGO
abrir
Exploit-DB
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
CVE-2022-4819701 abr 2023
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, Tree
38RIESGO
abrir
Exploit-DB
AD Manager Plus 7122 - Remote Code Execution (RCE)
CVE-2021-44228CRITICALbajo ataqueransomware01 abr 2023
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Exploit-DB
Apache 2.4.x - Buffer Overflow
CVE-2021-4479001 abr 2023
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
45RIESGO
abrir
Exploit-DB
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-2884CRITICAL01 abr 2023
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3
70RIESGO
abrir
Exploit-DB
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-44149HIGH01 abr 2023
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RIESGO
abrir
Exploit-DB
Enlightenment v0.25.3 - Privilege escalation
CVE-2022-37706HIGH01 abr 2023
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RIESGO
abrir
Exploit-DB
perfSONAR v4.4.5 - Partial Blind CSRF
CVE-2022-41413MEDIUM01 abr 2023
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attack
33RIESGO
abrir
Exploit-DB
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
CVE-2022-30519MEDIUM01 abr 2023
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary c
33RIESGO
abrir
Exploit-DB
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-44877CRITICALbajo ataque01 abr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RIESGO
abrir
Exploit-DB
TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
CVE-2022-48194HIGH01 abr 2023
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a De
53RIESGO
abrir
Exploit-DB
Cacti v1.2.22 - Remote Command Execution (RCE)
CVE-2022-46169CRITICALbajo ataque31 mar 2023
Unauthenticated Command Injection
100RIESGO
abrir
Exploit-DB
EQ Enterprise management system v2.2.0 - SQL Injection
CVE-2022-45297CRITICAL31 mar 2023
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
48RIESGO
abrir
Exploit-DB
qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
CVE-2022-46770HIGH31 mar 2023
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RIESGO
abrir
Exploit-DB
rconfig 3.9.7 - Sql Injection (Authenticated)
CVE-2022-45030HIGH31 mar 2023
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may
41RIESGO
abrir
Exploit-DB
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
CVE-2022-2841LOW30 mar 2023
CrowdStrike Falcon Uninstallation authorization
28RIESGO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24627CRITICAL30 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injec
68RIESGO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463230 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during f
28RIESGO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463030 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh
28RIESGO
abrir
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24629CRITICAL30 mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achie
60RIESGO
abrir
Exploit-DB
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
CVE-2022-40319HIGH30 mar 2023
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a
41RIESGO
abrir
Exploit-DB
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
CVE-2022-39195MEDIUM30 mar 2023
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary
48RIESGO
abrir
Exploit-DB
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-1565HIGH29 mar 2023
Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload
46RIESGO
abrir
Exploit-DB
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
CVE-2022-38580CRITICAL28 mar 2023
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
53RIESGO
abrir
Exploit-DB
OPSWAT Metadefender Core - Privilege Escalation
CVE-2022-3227228 mar 2023
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RIESGO
abrir
Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
CVE-2022-41441MEDIUM28 mar 2023
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts o
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.