Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
MSNSwitch Firmware MNT.2408 - Remote Code Execution
CVE-2022-3242911 nov 2022
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technolog
60RIESGO
abrir
Exploit-DB
Open Web Analytics 1.7.3 - Remote Code Execution
CVE-2022-2463711 nov 2022
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, wh
60RIESGO
abrir
Exploit-DB
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
CVE-2022-23854HIGH11 nov 2022
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an
68RIESGO
abrir
Exploit-DB
Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
CVE-2022-284006 oct 2022
Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi
23RIESGO
abrir
Exploit-DB
Teleport v10.1.1 - Remote Code Execution (RCE)
CVE-2022-3663323 sep 2022
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ss
35RIESGO
abrir
Exploit-DB
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
CVE-2021-4045CRITICAL23 sep 2022
TP-LINK Tapo C200 remote code execution vulnerability
70RIESGO
abrir
Exploit-DB
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
CVE-2022-3414023 sep 2022
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to
23RIESGO
abrir
Exploit-DB
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
CVE-2022-2941MEDIUM23 sep 2022
WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
33RIESGO
abrir
Exploit-DB
Bookwyrm v0.4.3 - Authentication Bypass
CVE-2022-2651CRITICAL20 sep 2022
Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm
53RIESGO
abrir
Exploit-DB
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
CVE-2022-3626720 sep 2022
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerabilit
35RIESGO
abrir
Exploit-DB
Blink1Control2 2.2.7 - Weak Password Encryption
CVE-2022-3551320 sep 2022
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
23RIESGO
abrir
Exploit-DB
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
CVE-2022-3078115 sep 2022
Gitea before 1.16.7 does not escape git fetch remote.
60RIESGO
abrir
Exploit-DB
Prestashop blockwishlist module 2.1.0 - SQLi
CVE-2022-31101HIGH09 ago 2022
SQL Injection in prestashop/blockwishlist
61RIESGO
abrir
Exploit-DB
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
CVE-2020-2038HIGH09 ago 2022
PAN-OS: OS command injection vulnerability in the management web interface
78RIESGO
abrir
Exploit-DB
Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
CVE-2022-3414009 ago 2022
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to
23RIESGO
abrir
Exploit-DB
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
CVE-2021-4275009 ago 2022
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrat
23RIESGO
abrir
Exploit-DB
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
CVE-2021-4275109 ago 2022
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrat
23RIESGO
abrir
Exploit-DB
uftpd 2.10 - Directory Traversal (Authenticated)
CVE-2020-2027702 ago 2022
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server ver
28RIESGO
abrir
Exploit-DB
Wavlink WN530HG4 - Password Disclosure
CVE-2022-3404701 ago 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via v
43RIESGO
abrir
Exploit-DB
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
CVE-2022-255201 ago 2022
Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
38RIESGO
abrir
Exploit-DB
Wavlink WN533A8 - Password Disclosure
CVE-2022-3404601 ago 2022
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via vie
43RIESGO
abrir
Exploit-DB
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
CVE-2004-246601 ago 2022
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RIESGO
abrir
Exploit-DB
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
CVE-2022-255101 ago 2022
Duplicator < 1.4.7 - Unauthenticated Backup Download
43RIESGO
abrir
Exploit-DB
Wavlink WN533A8 - Cross-Site Scripting (XSS)
CVE-2022-3404801 ago 2022
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via th
38RIESGO
abrir
Exploit-DB
Dingtian-DT-R002 3.1.276A - Authentication Bypass
CVE-2022-29593MEDIUM29 jul 2022
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post reques
38RIESGO
abrir
Exploit-DB
rpc.py 0.6.0 - Remote Code Execution (RCE)
CVE-2022-3541129 jul 2022
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header i
35RIESGO
abrir
Exploit-DB
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
CVE-2022-3309821 jul 2022
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function.
35RIESGO
abrir
Exploit-DB
IOTransfer 4.0 - Remote Code Execution (RCE)
CVE-2022-2456221 jul 2022
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary
35RIESGO
abrir
Exploit-DB
CodoForum v5.1 - Remote Code Execution (RCE)
CVE-2022-3185421 jul 2022
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin
50RIESGO
abrir
Exploit-DB
OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
CVE-2021-3671121 jul 2022
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
28RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.