Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.1
48RIESGO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
55RIESGO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RIESGO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RIESGO
abrir
Nucleicritical
Advantech R-SeeNet 2.4.12 - OS Command Injection
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.
55RIESGO
abrir
Nucleimedium
D-Link DIR-3040 1.13B03 - Information Disclosure
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially craft
40RIESGO
abrir
Nucleicritical
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix Prem
55RIESGO
abrir
Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
CVE-2021-21972CRITICALbajo ataqueransomware
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RIESGO
abrir
Nucleimedium
VMware vSphere - Server-Side Request Forgery
CVE-2021-21973MEDIUMbajo ataque
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of UR
100RIESGO
abrir
Nucleihigh
vRealize Operations Manager API - Server-Side Request Forgery
CVE-2021-21975HIGHbajo ataqueransomware
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RIESGO
abrir
Nucleicritical
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RIESGO
abrir
Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
CVE-2021-21985CRITICALbajo ataqueransomware
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
100RIESGO
abrir
Nucleicritical
VMware vCenter Server - Arbitrary File Upload
CVE-2021-22005CRITICALbajo ataqueransomware
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RIESGO
abrir
Nucleimedium
vCenter Server - Improper Access Control
CVE-2021-22017MEDIUMbajo ataque
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A mali
70RIESGO
abrir
Nucleihigh
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to exe
23RIESGO
abrir
Nucleihigh
VMWare Workspace ONE UEM - Server-Side Request Forgery
CVE-2021-22054HIGHbajo ataque
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and
100RIESGO
abrir
Nucleimedium
FortiWeb - Cross Site Scripting
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version
23RIESGO
abrir
Nucleimedium
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RIESGO
abrir
Nucleihigh
GitLab CI Lint API - Server-Side Request Forgery
CVE-2021-22175MEDIUMbajo ataque
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af
70RIESGO
abrir
Nucleicritical
GitLab CE/EE - Remote Code Execution
CVE-2021-22205CRITICALbajo ataqueransomware
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RIESGO
abrir
Nucleihigh
Gitlab CE/EE 10.5 - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE
53RIESGO
abrir
Nucleicritical
Micro Focus Operations Bridge Reporter - Remote Code Execution
CVE-2021-22502CRITICALbajo ataque
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RIESGO
abrir
Nucleicritical
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to
30RIESGO
abrir
Nucleimedium
Revive Adserver <5.1.0 - Open Redirect
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg
50RIESGO
abrir
Nucleimedium
Ruby on Rails - Open Redirect via Host Header Injection
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Sp
40RIESGO
abrir
Nucleicritical
Rocket.Chat <=3.13 - NoSQL Injection
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir
Nucleicritical
F5 iControl REST - Remote Command Execution
CVE-2021-22986CRITICALbajo ataqueransomware
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RIESGO
abrir
Nucleimedium
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (
23RIESGO
abrir
Nucleihigh
Lodash Template - Server-Side Template Injection (RCE)
Command Injection
41RIESGO
abrir
Nucleihigh
elFinder < 2.1.58 - Remote Code Execution
Remote Code Execution (RCE)
41RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.