Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleicritical
Atlassian Confluence Server - Path Traversal
CVE-2019-3396CRITICALbajo ataqueransomware
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RIESGO
abrir
Nucleihigh
Atlassian Confluence Download Attachments - Remote Code Execution
CVE-2019-3398HIGHbajo ataque
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RIESGO
abrir
Nucleimedium
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote
23RIESGO
abrir
Nucleimedium
Jira < 8.1.1 - Cross-Site Scripting
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows
18RIESGO
abrir
Nucleimedium
Jira - Incorrect Authorization
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and fr
30RIESGO
abrir
Nucleimedium
Spring Cloud Config Server - Local File Inclusion
Directory Traversal with spring-cloud-config-server
60RIESGO
abrir
Nucleimedium
LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an
18RIESGO
abrir
Nucleimedium
LabKey Server Community Edition <18.3.0 - Open Redirect
An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL param
18RIESGO
abrir
Nucleicritical
Barco/AWIND OEM Presentation Platform - Remote Command Injection
CVE-2019-3929CRITICALbajo ataque
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RIESGO
abrir
Nucleimedium
IBM BigFix Platform - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the upd
33RIESGO
abrir
Nucleicritical
IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection
CVE-2019-4716CRITICALbajo ataque
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RIESGO
abrir
Nucleicritical
YouPHPTube Encoder 2.3 - Remote Command Injection
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the
55RIESGO
abrir
Nucleicritical
YouPHPTube Encoder - Arbitrary File Write
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the
55RIESGO
abrir
Nucleicritical
YouPHPTube Encoder 2.3 - Command Injection
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the
55RIESGO
abrir
Nucleihigh
Rails File Content Disclosure
CVE-2019-5418HIGHbajo ataque
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where spe
100RIESGO
abrir
Nucleicritical
Revive Adserver 4.2 - Remote Code Execution
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() cal
50RIESGO
abrir
Nucleimedium
FortiOS - Insecure LDAP Configuration Detection
CVE-2019-5591MEDIUMbajo ataque
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept s
83RIESGO
abrir
Nucleimedium
WordPress Sell Media 2.4.1 - Cross-Site Scripting
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows
18RIESGO
abrir
Nucleihigh
Drupal - Remote Code Execution
CVE-2019-6340HIGHbajo ataque
Drupal core - Highly critical - Remote Code Execution
100RIESGO
abrir
Nucleicritical
Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for Wor
23RIESGO
abrir
Nucleicritical
XStream < 1.4.16 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
50RIESGO
abrir
Nucleicritical
Oracle WebLogic Server - Remote Code Execution
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Suppor
43RIESGO
abrir
Nucleicritical
XStream <1.4.16 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
50RIESGO
abrir
Nucleihigh
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
BuddyPress privilege escalation via REST API
61RIESGO
abrir
Nucleimedium
Jellyfin <10.7.0 - Local File Inclusion
Unauthenticated Arbitrary File Access in Jellyfin
78RIESGO
abrir
Nucleicritical
SCIMono <0.0.19 - Remote Code Execution
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availabi
41RIESGO
abrir
Nucleimedium
ZTE MF971R - Referer authentication bypass
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use th
30RIESGO
abrir
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (2
48RIESGO
abrir
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.1
48RIESGO
abrir
Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
55RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.