Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleihigh
Joomla! Component GMapFP 3.5 - Arbitrary File Upload
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating
50RIESGO
abrir ↗Nucleicritical
Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the
23RIESGO
abrir ↗Nucleicritical
WordPress wpDiscuz <=7.0.4 - Remote Code Execution
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo
85RIESGO
abrir ↗Nucleimedium
Mara CMS 7.5 - Cross-Site Scripting
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.
43RIESGO
abrir ↗Nucleihigh
INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgi
18RIESGO
abrir ↗Nucleihigh
WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htacce
23RIESGO
abrir ↗Nucleicritical
Mongo-Express - Remote Code Execution
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this m
40RIESGO
abrir ↗Nucleimedium
EpiServer Find <13.2.7 - Open Redirect
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted website
18RIESGO
abrir ↗Nucleihigh
NexusDB <4.50.23 - Local File Inclusion
NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
23RIESGO
abrir ↗Nucleihigh
D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attac
18RIESGO
abrir ↗Nucleicritical
WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection
48RIESGO
abrir ↗Nucleimedium
OX Appsuite - Cross-Site Scripting
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
18RIESGO
abrir ↗Nucleicritical
OsTicket < 1.14.3 - Server Side Request Forgery
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
60RIESGO
abrir ↗Nucleimedium
Quixplorer <=2.4.1 - Cross-Site Scripting
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied
28RIESGO
abrir ↗Nucleimedium
Cute Editor for ASP.NET 6.4 - Cross-Site Scripting
Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user
18RIESGO
abrir ↗Nucleimedium
QCube Cross-Site-Scripting
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQ
18RIESGO
abrir ↗Nucleihigh
PHP-Fusion 9.03.50 - Remote Code Execution
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a cr
50RIESGO
abrir ↗Nucleihigh
D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticate
100RIESGO
abrir ↗Nucleimedium
Pritunl VPN Server 1.29.2145.25 - Username Enumeration
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Ini
18RIESGO
abrir ↗Nucleicritical
WordPress File Manager Plugin - Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir ↗Nucleicritical
Sophos UTM Preauth - Remote Code Execution
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RIESGO
abrir ↗Nucleimedium
Xinuo Openserver 5/6 - Cross-Site scripting
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote at
38RIESGO
abrir ↗Nucleicritical
D-Link DNS-320 - Unauthenticated Remote Code Execution
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead
95RIESGO
abrir ↗Nucleicritical
Oracle WebLogic Server - Remote Code Execution
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Suppor
100RIESGO
abrir ↗Nucleihigh
ThinkAdmin 6 - Local File Inclusion
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on
60RIESGO
abrir ↗Nucleihigh
Commvault CommCell - Local File Inclusion
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, D
18RIESGO
abrir ↗Nucleimedium
HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scriptin
18RIESGO
abrir ↗Nucleihigh
Cisco SD-WAN vManage Software - Local File Inclusion
Cisco SD-WAN vManage Directory Traversal Vulnerability
41RIESGO
abrir ↗Nucleimedium
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/
18RIESGO
abrir ↗Nucleicritical
Alerta < 8.1.0 - Authentication Bypass
LDAP authentication bypass in Alerta
55RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.