Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.171exploits catalogados
31.690CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
WordPress Under Construction <1.19 - Cross-Site Scripting
underConstruction <= 1.18 - Reflected Cross-Site Scripting
28RIESGO
abrir
Nucleimedium
WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting
28RIESGO
abrir
Nucleimedium
WordPress BulletProof Security 5.1 Information Disclosure
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RIESGO
abrir
Nucleihigh
OptinMonster Plugin < 2.6.5 - Unprotected REST-API
OptinMonster <= 2.6.4 Unprotected REST-API Endpoints
41RIESGO
abrir
Nucleimedium
FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting
28RIESGO
abrir
Nucleihigh
Hospital Management System 1.0 - Cross-Site Scripting
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searc
18RIESGO
abrir
Nucleihigh
BIQS IT Biqs-drive v1.83 Local File Inclusion
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific
18RIESGO
abrir
Nucleimedium
EyouCMS 1.5.4 Open Redirect
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function
18RIESGO
abrir
Nucleimedium
Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory.
18RIESGO
abrir
Nucleihigh
Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapp
18RIESGO
abrir
Nucleimedium
IRTS OP5 Monitor - Cross-Site Scripting
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
28RIESGO
abrir
Nucleicritical
Cobbler <3.3.0 - Remote Code Execution
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the lo
40RIESGO
abrir
Nucleicritical
Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery
CVE-2021-40438CRITICALbajo ataque
mod_proxy SSRF
100RIESGO
abrir
Nucleicritical
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
CVE-2021-40539CRITICALbajo ataqueransomware
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RIESGO
abrir
Nucleimedium
Opensis-Classic 8.0 - Cross-Site Scripting
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute Ja
18RIESGO
abrir
Nucleimedium
OS4Ed OpenSIS Community 8.0 - Local File Inclusion
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), wh
43RIESGO
abrir
Nucleihigh
D-Link DIR-605 - Information Disclosure
CVE-2021-40655HIGHbajo ataque
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name
88RIESGO
abrir
Nucleihigh
IND780 - Local File Inclusion
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Adva
36RIESGO
abrir
Nucleicritical
RegistrationMagic <= 5.0.1.7 - Authentication Bypass
RegistrationMagic <= 5.0.1.7 Authentication Bypass
43RIESGO
abrir
Nucleihigh
Geoserver - Server-Side Request Forgery
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
43RIESGO
abrir
Nucleihigh
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
30RIESGO
abrir
Nucleicritical
Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web
60RIESGO
abrir
Nucleimedium
Cloudron 6.2 Cross-Site Scripting
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
38RIESGO
abrir
Nucleicritical
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
CVE-2021-40870CRITICALbajo ataque
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous
100RIESGO
abrir
Nucleihigh
Gurock TestRail Application files.md5 Exposure
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RIESGO
abrir
Nucleicritical
Galera WebTemplate 1.0 Directory Traversal
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd
18RIESGO
abrir
Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir
Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir
Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir
Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.