Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleihigh
XStream <1.4.14 - Remote Code Execution
Remote Code Execution in XStream
58RIESGO
abrir
Nucleihigh
PrestaShop Product Comments <4.2.0 - SQL Injection
Blind SQL injection during the CommentGrade process
33RIESGO
abrir
Nucleihigh
XStream <1.4.15 - Server-Side Request Forgery
Server-Side Forgery Request can be activated unmarshalling with XStream
50RIESGO
abrir
Nucleimedium
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclo
40RIESGO
abrir
Nucleimedium
SAP Solution Manager - Open Redirect
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to
23RIESGO
abrir
Nucleihigh
WordPress WP Courses Plugin Information Disclosure
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for cour
18RIESGO
abrir
Nucleicritical
Ruckus vRioT IoT Controller - Authentication Bypass
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacke
50RIESGO
abrir
Nucleicritical
NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
CVE-2020-26919CRITICALbajo ataque
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
85RIESGO
abrir
Nucleicritical
phpMyAdmin < 5.0.3 - SQL Injection
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerabili
30RIESGO
abrir
Nucleicritical
Emby < 4.5.0 - Server Server-Side Request Forgery
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
40RIESGO
abrir
Nucleihigh
LionWiki <3.2.12 - Local File Inclusion
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the ind
18RIESGO
abrir
Nucleicritical
JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics)
68RIESGO
abrir
Nucleihigh
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within
18RIESGO
abrir
Nucleihigh
Processwire CMS <2.7.1 - Local File Inclusion
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
23RIESGO
abrir
Nucleicritical
Good Layers LMS Plugin <= 2.1.4 - SQL Injection
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_no
23RIESGO
abrir
Nucleicritical
WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via `log` Parameter
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_fa
30RIESGO
abrir
Nucleimedium
Wing FTP 6.4.4 - Cross-Site Scripting
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a craft
18RIESGO
abrir
Nucleimedium
KeyCloak - Information Exposure
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information a
23RIESGO
abrir
Nucleihigh
NETGEAR - Authentication Bypass
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020
36RIESGO
abrir
Nucleimedium
IceWarp WebMail 11.4.5.0 - Cross-Site Scripting
IceWarp 11.4.5.0 allows XSS via the language parameter.
18RIESGO
abrir
Nucleihigh
SonarQube - Authentication Bypass
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settin
41RIESGO
abrir
Nucleimedium
TerraMaster TOS < 4.2.06 - User Enumeration
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid us
23RIESGO
abrir
Nucleicritical
TerraMaster TOS - Unauthenticated Remote Command Execution
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inje
40RIESGO
abrir
Nucleimedium
Rocket.Chat <3.9.1 - Information Disclosure
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
23RIESGO
abrir
Nucleimedium
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a r
43RIESGO
abrir
Nucleicritical
geojson2kml - Command Injection
Command Injection
48RIESGO
abrir
Nucleicritical
ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RIESGO
abrir
Nucleicritical
Monitorr 1.7.6m - Unauthenticated Remote Code Execution
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the s
40RIESGO
abrir
Nucleimedium
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make
43RIESGO
abrir
Nucleicritical
WP Hotel Booking < 1.10.4 - PHP Object Injection
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.