Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
Rukovoditel <= 2.7.2 - Cross-Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticat
18RIESGO
abrir
Nucleicritical
CSE Bookstore 1.0 - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pub
23RIESGO
abrir
Nucleicritical
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalat
43RIESGO
abrir
Nucleimedium
Jira Server and Data Center - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
50RIESGO
abrir
Nucleicritical
ThemeGrill Demo Importer < 1.6.2 - Database Reset
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard
18RIESGO
abrir
Nucleimedium
Smartstore <4.1.0 - Open Redirect
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication,
18RIESGO
abrir
Nucleimedium
WordPress 15Zine <3.3.0 - Cross-Site Scripting
15Zine < 3.3.0 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleicritical
Adning Advertising <= 1.5.5 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Arbitrary File Upload
43RIESGO
abrir
Nucleicritical
WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution
Epsilon Framework Themes (Various Versions) - Function Injection
75RIESGO
abrir
Nucleicritical
ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation
43RIESGO
abrir
Nucleihigh
ListingPro < 2.6.1 - Sensitive Data Disclosure
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure
28RIESGO
abrir
Nucleimedium
WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal
28RIESGO
abrir
Nucleihigh
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
36RIESGO
abrir
Nucleihigh
WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
36RIESGO
abrir
Nucleimedium
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
28RIESGO
abrir
Nucleicritical
Pinger 1.0 - Remote Code Execution
Pinger 1.0 - Remote Code Execution
63RIESGO
abrir
Nucleicritical
VMware vCenter Server LDAP Broken Access Control
CVE-2020-3952CRITICALbajo ataque
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RIESGO
abrir
Nucleicritical
IBM Data Risk Manager - Authentication Bypass via SAML
CVE-2020-4427CRITICALbajo ataque
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RIESGO
abrir
Nucleihigh
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc
68RIESGO
abrir
Nucleimedium
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
38RIESGO
abrir
Nucleihigh
Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages an
43RIESGO
abrir
Nucleimedium
Next.js <9.3.2 - Local File Inclusion
Directory Traversal in Next.js versions below 9.3.2
40RIESGO
abrir
Nucleicritical
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username paramet
23RIESGO
abrir
Nucleimedium
Spring Cloud Config - Local File Inclusion
Directory Traversal with spring-cloud-config-server
30RIESGO
abrir
Nucleihigh
Spring Cloud Config Server - Local File Inclusion
CVE-2020-5410HIGHbajo ataque
Directory Traversal with spring-cloud-config-server
100RIESGO
abrir
Nucleimedium
Spring Cloud Netflix - Server-Side Request Forgery
Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
23RIESGO
abrir
Nucleicritical
Grandstream UCM6200 - SQL Injection
CVE-2020-5722CRITICALbajo ataque
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RIESGO
abrir
Nucleihigh
SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin f
18RIESGO
abrir
Nucleimedium
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas appli
18RIESGO
abrir
Nucleihigh
MAGMI - Cross-Site Request Forgery
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is poss
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.