Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Simple Subscription Website 1.0 - SQLi Authentication Bypass
CVE-2021-4314015 nov 2021
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
23RIESGO
abrir
Exploit-DB
WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)
CVE-2021-2466415 nov 2021
WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting
23RIESGO
abrir
Exploit-DB
PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
CVE-2021-4361715 nov 2021
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Val
28RIESGO
abrir
Exploit-DB
FormaLMS 2.4.4 - Authentication Bypass
CVE-2021-4313611 nov 2021
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain
28RIESGO
abrir
Exploit-DB
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
CVE-2021-42013CRITICALbajo ataqueransomware11 nov 2021
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RIESGO
abrir
Exploit-DB
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
CVE-2021-41773HIGHbajo ataqueransomware11 nov 2021
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
Exploit-DB
FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-4340508 nov 2021
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained t
35RIESGO
abrir
Exploit-DB
OpenAM 13.0 - LDAP Injection
CVE-2021-2915603 nov 2021
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacke
60RIESGO
abrir
Exploit-DB
Fuel CMS 1.4.1 - Remote Code Execution (3)
CVE-2018-1676303 nov 2021
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RIESGO
abrir
Exploit-DB
Eclipse Jetty 11.0.5 - Sensitive File Disclosure
CVE-2021-34429MEDIUM03 nov 2021
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RIESGO
abrir
Exploit-DB
Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit)
CVE-2021-2083729 oct 2021
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RIESGO
abrir
Exploit-DB
WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)
CVE-2021-3168229 oct 2021
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for re
43RIESGO
abrir
Exploit-DB
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
CVE-2018-1261325 oct 2021
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RIESGO
abrir
Exploit-DB
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)
CVE-2021-42013CRITICALbajo ataqueransomware25 oct 2021
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RIESGO
abrir
Exploit-DB
Hikvision Web Server Build 210702 - Command Injection
CVE-2021-36260CRITICALbajo ataque25 oct 2021
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RIESGO
abrir
Exploit-DB
WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-2444425 oct 2021
TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
23RIESGO
abrir
Exploit-DB
Jetty 9.4.37.v20210219 - Information Disclosure
CVE-2021-28164MEDIUM22 oct 2021
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RIESGO
abrir
Exploit-DB
SonicWall SMA 10.2.1.0-17sv - Password Reset
CVE-2021-2003420 oct 2021
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal
45RIESGO
abrir
Exploit-DB
myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)
CVE-2021-4256519 oct 2021
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
38RIESGO
abrir
Exploit-DB
WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2471919 oct 2021
Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)
23RIESGO
abrir
Exploit-DB
myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)
CVE-2021-4256619 oct 2021
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
38RIESGO
abrir
Exploit-DB
Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)
CVE-2018-1606118 oct 2021
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
23RIESGO
abrir
Exploit-DB
Plastic SCM 10.0.16.5622 - WebAdmin Server Access
CVE-2021-4138218 oct 2021
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
23RIESGO
abrir
Exploit-DB
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read
CVE-2020-11738HIGHbajo ataque18 oct 2021
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RIESGO
abrir
Exploit-DB
Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure
CVE-2018-1606018 oct 2021
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listi
28RIESGO
abrir
Exploit-DB
i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
CVE-2021-4187815 oct 2021
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enable
38RIESGO
abrir
Exploit-DB
Sonicwall SonicOS 7.0 - Host Header Injection
CVE-2021-2003113 oct 2021
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management
43RIESGO
abrir
Exploit-DB
Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
CVE-2021-42013CRITICALbajo ataqueransomware13 oct 2021
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RIESGO
abrir
Exploit-DB
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
CVE-2020-1077013 oct 2021
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using
50RIESGO
abrir
Exploit-DB
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-3217208 oct 2021
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.