Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleihigh
Odoo Apps - Cross-Site Scripting via Prototype Pollution
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a m
18RIESGO
abrir
Nucleicritical
Buffalo WSR-2533DHPL2 - Path Traversal
CVE-2021-20090CRITICALbajo ataque
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3
95RIESGO
abrir
Nucleihigh
Buffalo WSR-2533DHPL2 - Configuration File Injection
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not pr
18RIESGO
abrir
Nucleihigh
Buffalo WSR-2533DHPL2 - Improper Access Control
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not pr
18RIESGO
abrir
Nucleihigh
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the
18RIESGO
abrir
Nucleihigh
Draytek VigorConnect 1.6.0-B - Local File Inclusion
CVE-2021-20123HIGHbajo ataque
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the D
88RIESGO
abrir
Nucleihigh
Draytek VigorConnect 6.0-B3 - Local File Inclusion
CVE-2021-20124HIGHbajo ataque
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the W
78RIESGO
abrir
Nucleimedium
Gryphon Tower - Cross-Site Scripting
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the
18RIESGO
abrir
Nucleimedium
Trendnet AC2600 TEW-827DRU - Credentials Disclosure
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authe
30RIESGO
abrir
Nucleicritical
Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauth
23RIESGO
abrir
Nucleihigh
Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable
18RIESGO
abrir
Nucleimedium
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
30RIESGO
abrir
Nucleicritical
Acmailer - Improper Access Control to OS Command Injection
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows
18RIESGO
abrir
Nucleimedium
WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject
18RIESGO
abrir
Nucleicritical
MovableType - Remote Command Injection
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RIESGO
abrir
Nucleimedium
Adobe ColdFusion - Cross-Site Scripting
ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
40RIESGO
abrir
Nucleihigh
Spring Boot Actuator Logview Directory Traversal
Directory Traversal
61RIESGO
abrir
Nucleihigh
OneDev < 4.0.3 - User Access Token Leak
Pre-Auth Access token leak
48RIESGO
abrir
Nucleihigh
MinIO Browser API - Server-Side Request Forgery
Server-Side Request Forgery in MinIO Browser API
41RIESGO
abrir
Nucleicritical
Lucee Admin - Remote Code Execution
Remote Code Exploit in Lucee Admin
78RIESGO
abrir
Nucleihigh
Adminer <4.7.9 - Server-Side Request Forgery
CVE-2021-21311HIGHbajo ataque
SSRF in adminer
100RIESGO
abrir
Nucleihigh
Node.JS System Information Library <5.3.1 - Remote Command Injection
CVE-2021-21315HIGHbajo ataque
Command Injection Vulnerability
100RIESGO
abrir
Nucleicritical
XStream < 1.4.16 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
50RIESGO
abrir
Nucleicritical
Oracle WebLogic Server - Remote Code Execution
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Suppor
43RIESGO
abrir
Nucleicritical
XStream <1.4.16 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
50RIESGO
abrir
Nucleihigh
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
BuddyPress privilege escalation via REST API
61RIESGO
abrir
Nucleimedium
Jellyfin <10.7.0 - Local File Inclusion
Unauthenticated Arbitrary File Access in Jellyfin
78RIESGO
abrir
Nucleicritical
SCIMono <0.0.19 - Remote Code Execution
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availabi
41RIESGO
abrir
Nucleimedium
ZTE MF971R - Referer authentication bypass
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use th
30RIESGO
abrir
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (2
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.