Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleicritical
Magento Mass Importer <0.7.24 - Remote Auth Bypass
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in t
23RIESGO
abrir ↗Nucleicritical
UnRaid <=6.80 - Remote Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
100RIESGO
abrir ↗Nucleicritical
F5 BIG-IP TMUI - Remote Code Execution
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RIESGO
abrir ↗Nucleimedium
CLink Office 2.0 - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote at
18RIESGO
abrir ↗Nucleicritical
SAP Solution Manager 7.2 - Remote Command Execution
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RIESGO
abrir ↗Nucleicritical
SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication c
100RIESGO
abrir ↗Nucleimedium
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated at
60RIESGO
abrir ↗Nucleicritical
OpenSIS 7.3 - SQL Injection
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
23RIESGO
abrir ↗Nucleimedium
Eclipse Mojarra - Local File Read
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or c
23RIESGO
abrir ↗Nucleimedium
WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
18RIESGO
abrir ↗Nucleicritical
HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access
40RIESGO
abrir ↗Nucleicritical
LinuxKI Toolset <= 6.01 - Remote Command Execution
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
60RIESGO
abrir ↗Nucleimedium
McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability
28RIESGO
abrir ↗Nucleicritical
Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enab
95RIESGO
abrir ↗Nucleihigh
Puppet Server/PuppetDB - Sensitive Information Disclosure
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For Pup
18RIESGO
abrir ↗Nucleicritical
Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RIESGO
abrir ↗Nucleicritical
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to th
60RIESGO
abrir ↗Nucleimedium
Revive Adserver <=5.0.3 - Cross-Site Scripting
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver
18RIESGO
abrir ↗Nucleihigh
Ruby on Rails <5.0.1 - Remote Code Execution
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the
60RIESGO
abrir ↗Nucleimedium
Citrix ADC/Gateway - Cross-Site Scripting
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.1
23RIESGO
abrir ↗Nucleimedium
Citrix - Local File Inclusion
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14
100RIESGO
abrir ↗Nucleimedium
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14
23RIESGO
abrir ↗Nucleihigh
Citrix XenMobile Server - Local File Inclusion
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix Xe
50RIESGO
abrir ↗Nucleimedium
Artica Pandora FMS <=7.42 - Arbitrary File Read
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format an
18RIESGO
abrir ↗Nucleimedium
IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RIESGO
abrir ↗Nucleicritical
DrayTek - Remote Code Execution
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow
100RIESGO
abrir ↗Nucleimedium
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves a
38RIESGO
abrir ↗Nucleihigh
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php pa
23RIESGO
abrir ↗Nucleicritical
playSMS <1.4.3 - Remote Code Execution
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RIESGO
abrir ↗Nucleihigh
EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.