Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)
CVE-2021-4205308 oct 2021
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
23RIESGO
abrir
Exploit-DB
Google SLO-Generator 2.0.0 - Code Execution
CVE-2021-22557MEDIUM07 oct 2021
Code execution in SLO Generator via YAML Payload
33RIESGO
abrir
Exploit-DB
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
CVE-2021-41773HIGHbajo ataqueransomware06 oct 2021
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
Exploit-DB
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
CVE-2021-26086MEDIUMbajo ataque06 oct 2021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path tr
100RIESGO
abrir
Exploit-DB
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
CVE-2021-26085MEDIUMbajo ataqueransomware05 oct 2021
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authoriza
100RIESGO
abrir
Exploit-DB
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
CVE-2021-4131801 oct 2021
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input.
23RIESGO
abrir
Exploit-DB
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting
CVE-2021-2428629 sep 2021
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir
Exploit-DB
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2428729 sep 2021
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir
Exploit-DB
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427428 sep 2021
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
43RIESGO
abrir
Exploit-DB
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427528 sep 2021
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
43RIESGO
abrir
Exploit-DB
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427628 sep 2021
Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
43RIESGO
abrir
Exploit-DB
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-2461028 sep 2021
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
23RIESGO
abrir
Exploit-DB
XAMPP 7.4.3 - Local Privilege Escalation
CVE-2020-1110727 sep 2021
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged
28RIESGO
abrir
Exploit-DB
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2416923 sep 2021
Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir
Exploit-DB
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
CVE-2021-4087523 sep 2021
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RIESGO
abrir
Exploit-DB
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
CVE-2021-2427223 sep 2021
Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
23RIESGO
abrir
Exploit-DB
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
CVE-2021-4086822 sep 2021
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
38RIESGO
abrir
Exploit-DB
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
CVE-2019-1335822 sep 2021
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying opera
28RIESGO
abrir
Exploit-DB
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
CVE-2021-29447HIGH20 sep 2021
WordPress Authenticated XXE attack when installation is running PHP 8
63RIESGO
abrir
Exploit-DB
WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
CVE-2021-34646CRITICAL17 sep 2021
Booster for WooCommerce <= 5.4.3 Authentication Bypass
60RIESGO
abrir
Exploit-DB
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
CVE-2021-2404013 sep 2021
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files c
28RIESGO
abrir
Exploit-DB
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-3960806 sep 2021
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a rem
35RIESGO
abrir
Exploit-DB
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
CVE-2021-4035206 sep 2021
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can re
23RIESGO
abrir
Exploit-DB
Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated)
CVE-2021-4037902 sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 doe
28RIESGO
abrir
Exploit-DB
Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure
CVE-2021-4038202 sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allo
28RIESGO
abrir
Exploit-DB
Compro Technology IP Camera - ' index_MJpeg.cgi' Stream Disclosure
CVE-2021-4038102 sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows
28RIESGO
abrir
Exploit-DB
Compro Technology IP Camera - 'Multiple' Credential Disclosure
CVE-2021-4038002 sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and set
28RIESGO
abrir
Exploit-DB
Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)
CVE-2021-4037802 sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killp
28RIESGO
abrir
Exploit-DB
Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-26084CRITICALbajo ataqueransomware01 sep 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RIESGO
abrir
Exploit-DB
Umbraco CMS 8.9.1 - Directory Traversal
CVE-2020-581131 ago 2021
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, whi
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.