Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.105exploits catalogados
31.648CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
CVE-2021-2456312 ene 2022
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
28RIESGO
abrir
Exploit-DB
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
CVE-2009-018210 ene 2022
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in
50RIESGO
abrir
Exploit-DB
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-4491610 ene 2022
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad
23RIESGO
abrir
Exploit-DB
CoreFTP Server build 725 - Directory Traversal (Authenticated)
CVE-2022-2283610 ene 2022
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP
23RIESGO
abrir
Exploit-DB
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
CVE-2021-39312HIGH05 ene 2022
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RIESGO
abrir
Exploit-DB
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
CVE-2021-2475005 ene 2022
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
50RIESGO
abrir
Exploit-DB
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
CVE-2021-4542505 ene 2022
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScrip
23RIESGO
abrir
Exploit-DB
Nettmp NNT 5.1 - SQLi Authentication Bypass
CVE-2021-4581405 ene 2022
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel
23RIESGO
abrir
Exploit-DB
ConnectWise Control 19.2.24707 - Username Enumeration
CVE-2019-1651605 ene 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumer
28RIESGO
abrir
Exploit-DB
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-43857CRITICAL05 ene 2022
Gerapy may contain remote code execution vulnerability
60RIESGO
abrir
Exploit-DB
Automox Agent 32 - Local Privilege Escalation
CVE-2021-4332605 ene 2022
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
23RIESGO
abrir
Exploit-DB
WBCE CMS 1.5.1 - Admin Password Reset
CVE-2021-3817CRITICAL20 dic 2021
SQL Injection in wbce/wbce_cms
60RIESGO
abrir
Exploit-DB
Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration
CVE-2021-4484816 dic 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication reques
43RIESGO
abrir
Exploit-DB
Apache Log4j2 2.14.1 - Information Disclosure
CVE-2021-44228CRITICALbajo ataqueransomware14 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Exploit-DB
Apache Log4j 2 - Remote Code Execution (RCE)
CVE-2021-44228CRITICALbajo ataqueransomware14 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Exploit-DB
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
CVE-2019-958114 dic 2021
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitra
28RIESGO
abrir
Exploit-DB
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
CVE-2021-4504313 dic 2021
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_L
50RIESGO
abrir
Exploit-DB
WebHMI 4.0 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-43936CRITICAL13 dic 2021
Distributed Data Systems WebHM
60RIESGO
abrir
Exploit-DB
Raspberry Pi 5.10 - Default Credentials
CVE-2021-3875909 dic 2021
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain a
28RIESGO
abrir
Exploit-DB
Student Management System 1.0 - SQLi Authentication Bypass
CVE-2020-2393509 dic 2021
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (
28RIESGO
abrir
Exploit-DB
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
CVE-2021-43798HIGHbajo ataque09 dic 2021
Grafana path traversal
100RIESGO
abrir
Exploit-DB
Auerswald COMpact 8.0B - Multiple Backdoors
CVE-2021-4085906 dic 2021
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web
60RIESGO
abrir
Exploit-DB
Croogo 3.0.2 - Remote Code Execution (Authenticated)
CVE-2021-4467306 dic 2021
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malic
23RIESGO
abrir
Exploit-DB
WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
CVE-2021-39316HIGH03 dic 2021
ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Dislosure
68RIESGO
abrir
Exploit-DB
Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting
CVE-2021-4057701 dic 2021
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP an
23RIESGO
abrir
Exploit-DB
Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)
CVE-2019-13272HIGHbajo ataque23 nov 2021
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RIESGO
abrir
Exploit-DB
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
CVE-2021-4284017 nov 2021
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumsta
50RIESGO
abrir
Exploit-DB
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-22205CRITICALbajo ataqueransomware17 nov 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RIESGO
abrir
Exploit-DB
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
CVE-2021-3532317 nov 2021
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
38RIESGO
abrir
Exploit-DB
Online Learning System 2.0 - Remote Code Execution (RCE)
CVE-2021-4258016 nov 2021
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/adm
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.