Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.163exploits catalogados
31.687CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleihigh
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and vi
36RIESGO
abrir
Nucleicritical
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
CVE-2021-37415CRITICALbajo ataque
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs w
95RIESGO
abrir
Nucleimedium
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
18RIESGO
abrir
Nucleicritical
PrestaShop SmartBlog <4.0.6 - SQL Injection
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthentica
40RIESGO
abrir
Nucleimedium
Tiny Java Web Server - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS
18RIESGO
abrir
Nucleicritical
Apache ShenYu Admin JWT - Authentication Bypass
Apache ShenYu Admin bypass JWT authentication
50RIESGO
abrir
Nucleihigh
Virtua Software Cobranca <12R - Blind SQL Injection
Virtua Cobranca before 12R allows SQL Injection on the login page.
43RIESGO
abrir
Nucleimedium
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
18RIESGO
abrir
Nucleimedium
phpfastcache - phpinfo Resource Exposure
Exposed phpinfo() in PhpFastCache
28RIESGO
abrir
Nucleimedium
Hotel Druid 3.0.2 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid applic
18RIESGO
abrir
Nucleihigh
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary
23RIESGO
abrir
Nucleihigh
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as report
30RIESGO
abrir
Nucleihigh
Canon Devices - Authentication Bypass in Catwalk Server
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server
18RIESGO
abrir
Nucleimedium
Nagios XI < 5.8.6 - Cross-Site Scripting
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a
40RIESGO
abrir
Nucleimedium
Gnuboard 5 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5
36RIESGO
abrir
Nucleimedium
WordPress Redux Framework <=4.2.11 - Information Disclosure
Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure
33RIESGO
abrir
Nucleicritical
Apache Airflow - Unauthenticated Variable Import
Apache Airflow: Variable Import endpoint missed authentication check
40RIESGO
abrir
Nucleicritical
Microsoft Open Management Infrastructure - Remote Code Execution
CVE-2021-38647CRITICALbajo ataqueransomware
Open Management Infrastructure Remote Code Execution Vulnerability
100RIESGO
abrir
Nucleimedium
Cyberoam NetGenie Cross-Site Scripting
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
18RIESGO
abrir
Nucleimedium
ClinicCases 7.3.3 Cross-Site Scripting
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to in
18RIESGO
abrir
Nucleimedium
ExponentCMS <= 2.6 - Host Header Injection
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can cha
18RIESGO
abrir
Nucleihigh
XStream 1.4.18 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
41RIESGO
abrir
Nucleihigh
XStream 1.4.18 - Remote Code Execution
CVE-2021-39144HIGHbajo ataque
XStream is vulnerable to a Remote Command Execution attack
100RIESGO
abrir
Nucleihigh
XStream 1.4.18 - Arbitrary Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
41RIESGO
abrir
Nucleihigh
XStream <1.4.18 - Server-Side Request Forgery
A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling
41RIESGO
abrir
Nucleimedium
Cachet <=2.3.18 - SQL Injection
Unauthenticated SQL Injection
36RIESGO
abrir
Nucleimedium
GLPI 9.2/<9.5.6 - Information Disclosure
Disclosure of GLPI and server information in telemetry endpoint
28RIESGO
abrir
Nucleihigh
Grafana Snapshot - Authentication Bypass
CVE-2021-39226CRITICALbajo ataque
Snapshot authentication bypass in grafana
95RIESGO
abrir
Nucleihigh
WordPress True Ranker <2.2.4 - Local File Inclusion
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RIESGO
abrir
Nucleihigh
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Dislosure
68RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.