Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.163exploits catalogados
31.687CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.132VulnCheck XDB 8069Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleihigh
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and vi
36RIESGO
abrir ↗Nucleicritical
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs w
95RIESGO
abrir ↗Nucleimedium
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
18RIESGO
abrir ↗Nucleicritical
PrestaShop SmartBlog <4.0.6 - SQL Injection
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthentica
40RIESGO
abrir ↗Nucleimedium
Tiny Java Web Server - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS
18RIESGO
abrir ↗Nucleicritical
Apache ShenYu Admin JWT - Authentication Bypass
Apache ShenYu Admin bypass JWT authentication
50RIESGO
abrir ↗Nucleihigh
Virtua Software Cobranca <12R - Blind SQL Injection
Virtua Cobranca before 12R allows SQL Injection on the login page.
43RIESGO
abrir ↗Nucleimedium
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
18RIESGO
abrir ↗Nucleimedium
phpfastcache - phpinfo Resource Exposure
Exposed phpinfo() in PhpFastCache
28RIESGO
abrir ↗Nucleimedium
Hotel Druid 3.0.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid applic
18RIESGO
abrir ↗Nucleihigh
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary
23RIESGO
abrir ↗Nucleihigh
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as report
30RIESGO
abrir ↗Nucleihigh
Canon Devices - Authentication Bypass in Catwalk Server
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server
18RIESGO
abrir ↗Nucleimedium
Nagios XI < 5.8.6 - Cross-Site Scripting
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a
40RIESGO
abrir ↗Nucleimedium
Gnuboard 5 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5
36RIESGO
abrir ↗Nucleimedium
WordPress Redux Framework <=4.2.11 - Information Disclosure
Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure
33RIESGO
abrir ↗Nucleicritical
Apache Airflow - Unauthenticated Variable Import
Apache Airflow: Variable Import endpoint missed authentication check
40RIESGO
abrir ↗Nucleicritical
Microsoft Open Management Infrastructure - Remote Code Execution
Open Management Infrastructure Remote Code Execution Vulnerability
100RIESGO
abrir ↗Nucleimedium
Cyberoam NetGenie Cross-Site Scripting
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
18RIESGO
abrir ↗Nucleimedium
ClinicCases 7.3.3 Cross-Site Scripting
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to in
18RIESGO
abrir ↗Nucleimedium
ExponentCMS <= 2.6 - Host Header Injection
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can cha
18RIESGO
abrir ↗Nucleihigh
XStream 1.4.18 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
41RIESGO
abrir ↗Nucleihigh
XStream 1.4.18 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
100RIESGO
abrir ↗Nucleihigh
XStream 1.4.18 - Arbitrary Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
41RIESGO
abrir ↗Nucleihigh
XStream <1.4.18 - Server-Side Request Forgery
A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling
41RIESGO
abrir ↗Nucleimedium
GLPI 9.2/<9.5.6 - Information Disclosure
Disclosure of GLPI and server information in telemetry endpoint
28RIESGO
abrir ↗Nucleihigh
Grafana Snapshot - Authentication Bypass
Snapshot authentication bypass in grafana
95RIESGO
abrir ↗Nucleihigh
WordPress True Ranker <2.2.4 - Local File Inclusion
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RIESGO
abrir ↗Nucleihigh
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Dislosure
68RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.