Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
Nagios XI v5.11.0 - SQL Injection
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers
23RIESGO
abrir
Nucleimedium
PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting
PHP Jabbers Availability Booking Calendar index.php cross site scripting
23RIESGO
abrir
Nucleicritical
SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
30RIESGO
abrir
Nucleimedium
PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting
PHP Jabbers Bus Reservation System index.php cross site scripting
28RIESGO
abrir
Nucleihigh
ShokoServer System - Local File Inclusion (LFI)
Arbitrary file read vulnerability in Shoko Server
36RIESGO
abrir
Nucleicritical
GeoServer WPS - Server Side Request Forgery
WPS Server Side Request Forgery in GeoServer
48RIESGO
abrir
Nucleimedium
mojoPortal v.2.7.0.0 - Cross-Site Scripting
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the he
28RIESGO
abrir
Nucleihigh
Ruijie RG-EW1200G Router Background - Login Bypass
Ruijie RG-EW1200G login improper authentication
48RIESGO
abrir
Nucleimedium
Adobe Coldfusion - Cross-Site Scripting
Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version
50RIESGO
abrir
Nucleicritical
Adobe ColdFusion WDDX Deserialization Gadgets
ColdFusion WDDX Deserialization Gadgets
65RIESGO
abrir
Nucleimedium
Piwigo - Cross-Site Scripting
Piwigo Reflected XSS vulnerability
43RIESGO
abrir
Nucleicritical
JeecgBoot JimuReport - Template injection
jeecgboot JimuReport Template injection
53RIESGO
abrir
Nucleimedium
Cockpit - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
28RIESGO
abrir
Nucleimedium
mooSocial v.3.1.8 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a c
18RIESGO
abrir
Nucleimedium
mooSocial v.3.1.8 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a c
18RIESGO
abrir
Nucleihigh
WordPress Job Portal < 2.0.6 - SQL Injection
WP Job Portal < 2.0.6 - Unauthenticated SQLi
63RIESGO
abrir
Nucleimedium
WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure
28RIESGO
abrir
Nucleimedium
QNAP Music Station < 5.4.0 - Authentication Bypass
Music Station
28RIESGO
abrir
Nucleimedium
XWiki < 14.10.14 - Cross-Site Scripting
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
43RIESGO
abrir
Nucleicritical
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
75RIESGO
abrir
Nucleihigh
PrestaShop PireosPay - SQL Injection
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL
30RIESGO
abrir
Nucleicritical
D-Link DAR-8000-10 - Command Injection
D-Link DAR-8000-10 sys1.php os command injection
70RIESGO
abrir
Nucleimedium
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
SPA-Cart eCommerce CMS search cross site scripting
55RIESGO
abrir
Nucleimedium
MooSocial 3.1.8 - Cross-Site Scripting
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a cra
18RIESGO
abrir
Nucleimedium
Apache Tomcat - HTTP Request Smuggling
Apache Tomcat: Trailer header parsing too lenient
28RIESGO
abrir
Nucleimedium
Frigate < 0.13.0 Beta 3 - Cross-Site Scripting
Frigate reflected XSS through `/<camera_name>` API endpoints
28RIESGO
abrir
Nucleimedium
PaperCut NG Unauthenticated XMLRPC Functionality
PaperCut NG Unauthenticated XMLRPC
28RIESGO
abrir
Nucleimedium
Leantime < 2.4 - Authenticated SQL Injection
Authenticated SQL Injection in leantime
28RIESGO
abrir
Nucleicritical
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute a
23RIESGO
abrir
Nucleihigh
qdPM 9.2 - Directory Traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.