Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleimedium
Joomla! ChronoForums 2.0.11 - Local File Inclusion
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
18RIESGO
abrir
Nucleicritical
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server Remote Code Execution Vulnerability
85RIESGO
abrir
Nucleicritical
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server Remote Code Execution Vulnerability
55RIESGO
abrir
Nucleicritical
QNAP HBS 3 - Broken Access Control
CVE-2021-28799CRITICALbajo ataqueransomware
Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
95RIESGO
abrir
Nucleicritical
Netmask NPM Package - Server-Side Request Forgery
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attacke
23RIESGO
abrir
Nucleihigh
Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) conta
18RIESGO
abrir
Nucleimedium
rConfig 3.9.6 - Local File Inclusion
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any
18RIESGO
abrir
Nucleihigh
LDAP Injection In OpenAM
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacke
60RIESGO
abrir
Nucleicritical
Apache OFBiz < 17.12.07 - Arbitrary Code Execution
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
30RIESGO
abrir
Nucleicritical
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infr
30RIESGO
abrir
Nucleicritical
Nacos <1.4.1 - Authentication Bypass
Authentication bypass
78RIESGO
abrir
Nucleihigh
Nacos <1.4.1 - Authentication Bypass
Authentication bypass
68RIESGO
abrir
Nucleimedium
Ghost CMS <=4.32 - Cross-Site Scripting
DOM XSS in Theme Preview
28RIESGO
abrir
Nucleimedium
Jellyfin 10.7.2 - Server Side Request Forgery
Unauthenticated GET requests through Remote Image endpoints
40RIESGO
abrir
Nucleihigh
XStream <1.4.17 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
58RIESGO
abrir
Nucleimedium
Prometheus - Open Redirect
Arbitrary redirects under /new endpoint
33RIESGO
abrir
Nucleimedium
Adminer <=4.8.0 - Cross-Site Scripting
XSS in doc_link
36RIESGO
abrir
Nucleimedium
Seo Panel 4.8.0 - Cross-Site Scripting
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
18RIESGO
abrir
Nucleimedium
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
18RIESGO
abrir
Nucleicritical
Laminas Project laminas-http - Remote Code Execution
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead
60RIESGO
abrir
Nucleicritical
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
CVE-2021-30116CRITICALbajo ataqueransomware
Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
95RIESGO
abrir
Nucleicritical
Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution
Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
55RIESGO
abrir
Nucleicritical
Apache OFBiz <17.12.07 - Arbitrary Code Execution
Unsafe deserialization in Apache OFBiz
60RIESGO
abrir
Nucleimedium
Php-mod/curl Library <2.3.2 - Cross-Site Scripting
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key paramet
28RIESGO
abrir
Nucleimedium
Sidekiq <=6.2.0 - Cross-Site Scripting
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explore
18RIESGO
abrir
Nucleihigh
Intelbras WIN 300/WRN 342 - Credentials Disclosure
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover creden
30RIESGO
abrir
Nucleicritical
ZEROF Web Server 1.0 - SQL Injection
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
18RIESGO
abrir
Nucleicritical
IPeakCMS 3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the
43RIESGO
abrir
Nucleihigh
ffay lanproxy Directory Traversal
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection t
23RIESGO
abrir
Nucleihigh
Dzzoffice 2.02.1 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.