Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
XWiki - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
43RIESGO
abrir ↗Nucleimedium
XWiki >= 3.4-milestone-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
43RIESGO
abrir ↗Nucleimedium
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
43RIESGO
abrir ↗Nucleimedium
XWiki >= 6.2-milestone-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
43RIESGO
abrir ↗Nucleimedium
XWiki < 14.10.5 - Cross-Site Scripting
XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template
43RIESGO
abrir ↗Nucleicritical
Citrix NetScaler ADC and NetScaler Gateway - Remote Code Execution
Unauthenticated remote code execution
100RIESGO
abrir ↗Nucleimedium
FOSSBilling < 0.5.3 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
28RIESGO
abrir ↗Nucleicritical
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.
40RIESGO
abrir ↗Nucleicritical
DedeCMS 5.7.109 - Server-Side Request Forgery
DedeCMS co_do.php server-side request forgery
28RIESGO
abrir ↗Nucleicritical
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experi
60RIESGO
abrir ↗Nucleihigh
NocoDB version <= 0.106.1 - Arbitrary File Read
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access
56RIESGO
abrir ↗Nucleihigh
Lightdash version <= 0.510.3 Arbitrary File Read
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory trav
56RIESGO
abrir ↗Nucleicritical
Cloudpanel 2 < 2.3.1 - Remote Code Execution
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
85RIESGO
abrir ↗Nucleihigh
Intelbras Switch - Information Disclosure
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to downlo
50RIESGO
abrir ↗Nucleihigh
QloApps 1.6.0 - SQL Injection
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_p
18RIESGO
abrir ↗Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RIESGO
abrir ↗Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RIESGO
abrir ↗Nucleimedium
Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to exec
38RIESGO
abrir ↗Nucleimedium
POS Codekop v2.0 - Cross Site Scripting
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RIESGO
abrir ↗Nucleihigh
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to down
30RIESGO
abrir ↗Nucleicritical
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini document file inclusion
78RIESGO
abrir ↗Nucleimedium
Juniper Devices - Remote Code Execution
Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables
100RIESGO
abrir ↗Nucleicritical
Juniper J-Web - Remote Code Execution
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RIESGO
abrir ↗Nucleicritical
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.
40RIESGO
abrir ↗Nucleicritical
Honeywell PM43 Printers - Command Injection
Printer web page invalid command execution
75RIESGO
abrir ↗Nucleicritical
OPNsense - Cross-Site Scripting to RCE
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 al
18RIESGO
abrir ↗Nucleihigh
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RIESGO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Fun
18RIESGO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Fun
18RIESGO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPa
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.