Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.171exploits catalogados
31.690CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8069Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
WordPress Under Construction <1.19 - Cross-Site Scripting
underConstruction <= 1.18 - Reflected Cross-Site Scripting
28RIESGO
abrir ↗Nucleimedium
WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting
28RIESGO
abrir ↗Nucleimedium
WordPress BulletProof Security 5.1 Information Disclosure
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RIESGO
abrir ↗Nucleihigh
OptinMonster Plugin < 2.6.5 - Unprotected REST-API
OptinMonster <= 2.6.4 Unprotected REST-API Endpoints
41RIESGO
abrir ↗Nucleimedium
FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting
28RIESGO
abrir ↗Nucleihigh
Hospital Management System 1.0 - Cross-Site Scripting
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searc
18RIESGO
abrir ↗Nucleihigh
BIQS IT Biqs-drive v1.83 Local File Inclusion
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific
18RIESGO
abrir ↗Nucleimedium
EyouCMS 1.5.4 Open Redirect
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function
18RIESGO
abrir ↗Nucleimedium
Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory.
18RIESGO
abrir ↗Nucleihigh
Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapp
18RIESGO
abrir ↗Nucleimedium
IRTS OP5 Monitor - Cross-Site Scripting
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
28RIESGO
abrir ↗Nucleicritical
Cobbler <3.3.0 - Remote Code Execution
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the lo
40RIESGO
abrir ↗Nucleicritical
Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery
mod_proxy SSRF
100RIESGO
abrir ↗Nucleicritical
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RIESGO
abrir ↗Nucleimedium
Opensis-Classic 8.0 - Cross-Site Scripting
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute Ja
18RIESGO
abrir ↗Nucleimedium
OS4Ed OpenSIS Community 8.0 - Local File Inclusion
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), wh
43RIESGO
abrir ↗Nucleihigh
D-Link DIR-605 - Information Disclosure
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name
88RIESGO
abrir ↗Nucleihigh
IND780 - Local File Inclusion
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Adva
36RIESGO
abrir ↗Nucleicritical
RegistrationMagic <= 5.0.1.7 - Authentication Bypass
RegistrationMagic <= 5.0.1.7 Authentication Bypass
43RIESGO
abrir ↗Nucleihigh
Geoserver - Server-Side Request Forgery
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
43RIESGO
abrir ↗Nucleihigh
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
30RIESGO
abrir ↗Nucleicritical
Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web
60RIESGO
abrir ↗Nucleimedium
Cloudron 6.2 Cross-Site Scripting
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
38RIESGO
abrir ↗Nucleicritical
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous
100RIESGO
abrir ↗Nucleihigh
Gurock TestRail Application files.md5 Exposure
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RIESGO
abrir ↗Nucleicritical
Galera WebTemplate 1.0 Directory Traversal
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd
18RIESGO
abrir ↗Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir ↗Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir ↗Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir ↗Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.