Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleicritical
Microsoft Exchange Server SSRF Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir ↗Nucleimedium
Odoo <= 15.0 - Cross-Site Scripting
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote att
28RIESGO
abrir ↗Nucleimedium
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated
18RIESGO
abrir ↗Nucleicritical
Sercomm VD625 Smart Modems - CRLF Injection
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via
23RIESGO
abrir ↗Nucleimedium
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
18RIESGO
abrir ↗Nucleimedium
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
18RIESGO
abrir ↗Nucleicritical
Doctor Appointment System 1.0 - SQL Injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL q
23RIESGO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RIESGO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malic
18RIESGO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RIESGO
abrir ↗Nucleihigh
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malic
18RIESGO
abrir ↗Nucleimedium
Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read
18RIESGO
abrir ↗Nucleihigh
Grafana Unauthenticated Snapshot Creation
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of
40RIESGO
abrir ↗Nucleimedium
FUDForum 3.1.0 - Cross-Site Scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RIESGO
abrir ↗Nucleimedium
FUDForum 3.1.0 - Cross-Site Scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "
38RIESGO
abrir ↗Nucleicritical
YeaLink DM 3.6.0.20 - Remote Command Injection
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI,
95RIESGO
abrir ↗Nucleicritical
Pega Infinity - Authentication Bypass
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to byp
75RIESGO
abrir ↗Nucleicritical
Appspace 6.2.4 - Server-Side Request Forgery
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
30RIESGO
abrir ↗Nucleicritical
Apache Tapestry - Remote Code Execution
Bypass of the fix for CVE-2019-0195
60RIESGO
abrir ↗Nucleicritical
FatPipe WARP/IPVPN/MPVPN - Backdoor Account
FatPipe software administrative account with no password
43RIESGO
abrir ↗Nucleimedium
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
Missing authorization vulnerability in FatPipe software
28RIESGO
abrir ↗Nucleicritical
Apache Solr <=8.8.1 - Server-Side Request Forgery
SSRF vulnerability with the Replication handler
40RIESGO
abrir ↗Nucleimedium
Mautic <3.3.4 - Cross-Site Scripting
XSS vulnerability on password reset page
28RIESGO
abrir ↗Nucleicritical
LumisXP <10.0.0 - Blind XML External Entity Attack
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControl
23RIESGO
abrir ↗Nucleicritical
SonLogger - Arbitrary File Upload
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Con
50RIESGO
abrir ↗Nucleimedium
Hongdian H8922 3.0.5 Devices - Local File Inclusion
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user
23RIESGO
abrir ↗Nucleimedium
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and oth
18RIESGO
abrir ↗Nucleihigh
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) f
23RIESGO
abrir ↗Nucleimedium
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RIESGO
abrir ↗Nucleimedium
Eclipse Jetty ConcatServlet - Information Disclosure
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doub
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.