Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir ↗Exploit-DB
OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
23RIESGO
abrir ↗Exploit-DB
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)
Local File read vulnerability in OctoberCMS
33RIESGO
abrir ↗Exploit-DB
Touchbase.io 1.10 - Stored Cross Site Scripting
HTML Injection in touchbase.ai
41RIESGO
abrir ↗Exploit-DB
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a r
43RIESGO
abrir ↗Exploit-DB
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally
23RIESGO
abrir ↗Exploit-DB
Joplin 1.2.6 - 'link' Cross Site Scripting
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
23RIESGO
abrir ↗Exploit-DB
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RIESGO
abrir ↗Exploit-DB
TP-Link WDR4300 - Remote Code Execution (Authenticated)
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated
35RIESGO
abrir ↗Exploit-DB
Amarok 2.8.0 - Denial-of-Service
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will tri
23RIESGO
abrir ↗Exploit-DB
DedeCMS v.5.8 - _keyword_ Cross-Site Scripting
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to
23RIESGO
abrir ↗Exploit-DB
Blueman < 2.1.4 - Local Privilege Escalation
Local privilege escalation Blueman
41RIESGO
abrir ↗Exploit-DB
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RIESGO
abrir ↗Exploit-DB
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RIESGO
abrir ↗Exploit-DB
Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated)
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arb
35RIESGO
abrir ↗Exploit-DB
CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
23RIESGO
abrir ↗Exploit-DB
Bludit 3.9.2 - Auth Bruteforce Bypass
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many
40RIESGO
abrir ↗Exploit-DB
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
100RIESGO
abrir ↗Exploit-DB
HiSilicon Video Encoders - RCE via unauthenticated command injection
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpo
35RIESGO
abrir ↗Exploit-DB
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpo
35RIESGO
abrir ↗Exploit-DB
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, o
23RIESGO
abrir ↗Exploit-DB
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthentic
28RIESGO
abrir ↗Exploit-DB
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a
35RIESGO
abrir ↗Exploit-DB
HiSilicon Video Encoders - Full admin access via backdoor password
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use har
28RIESGO
abrir ↗Exploit-DB
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archi
28RIESGO
abrir ↗Exploit-DB
Seat Reservation System 1.0 - Unauthenticated SQL Injection
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input v
28RIESGO
abrir ↗Exploit-DB
Cisco ASA and FTD 9.6.4.42 - Path Traversal
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RIESGO
abrir ↗Exploit-DB
Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, lea
23RIESGO
abrir ↗Exploit-DB
D-Link DSR-250N 3.12 - Denial of Service (PoC)
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed
28RIESGO
abrir ↗Exploit-DB
SpamTitan 7.07 - Unauthenticated Remote Code Execution
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.