Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows atta
28RIESGO
abrir
Nucleimedium
Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows
28RIESGO
abrir
Nucleihigh
Kerio Control v9.2.5 - CRLF Injection
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertE
41RIESGO
abrir
Nucleicritical
Dolibarr ERP CMS `list.php` - SQL Injection
Multiple vulnerabilities in DOLIBARR's ERP CMS
55RIESGO
abrir
Nucleimedium
WordPress Events Calendar 6.8.2.1 - Information Disclosure
The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure
28RIESGO
abrir
Nucleihigh
Devika - Local File Inclusion
Local File Read in stitionai/devika
36RIESGO
abrir
Nucleicritical
SSL VPN Session Hijacking
CVE-2024-53704HIGHbajo ataqueransomware
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authe
100RIESGO
abrir
Nucleicritical
Mongoose < 8.8.3 - Remote Code Execution
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
63RIESGO
abrir
Nucleihigh
Discourse Backup File Disclosure Via Default Nginx Configuration
Potential Backup file leaked via Nginx in Discourse
41RIESGO
abrir
Nucleilow
SickChill - Open Redirect
GHSL-2024-288: SickChill open redirect in login
23RIESGO
abrir
Nucleihigh
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro
36RIESGO
abrir
Nucleihigh
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
Authenticated Command Injection
36RIESGO
abrir
Nucleihigh
Hurrakify <= 2.4 - Server-Side Request Forgery
WordPress Hurrakify plugin <= 2.4 - Server Side Request Forgery (SSRF) vulnerability
36RIESGO
abrir
Nucleihigh
Radio Player <= 2.0.82 - Server-Side Request Forgery
WordPress Radio Player plugin <= 2.0.83 - Server Side Request Forgery (SSRF) vulnerability
36RIESGO
abrir
Nucleimedium
ipTIME A2004 - Unauthorized Access
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensiti
28RIESGO
abrir
Nucleimedium
ipTIME A2004 - Unauthorized Access
An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensit
28RIESGO
abrir
Nucleihigh
AVM FRITZ!Box 7530 AX - Unauthorized Access
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sen
36RIESGO
abrir
Nucleimedium
LearnPress < 4.2.6.8.1 - Information Disclosure
LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API
28RIESGO
abrir
Nucleicritical
SEOPress < 7.9 - Authentication Bypass
SEOPress < 7.9 - Unauthenticated Object Injection
63RIESGO
abrir
Nucleimedium
IceWarp Server 10.2.1 - Cross-Site Scripting
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
28RIESGO
abrir
Nucleicritical
WordPress HTML5 Video Player < 2.5.27 - SQL Injection
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
28RIESGO
abrir
Nucleihigh
DevDojo Voyager <=1.8.0 - Arbitrary File Read
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
33RIESGO
abrir
Nucleilow
DevDojo Voyager <=1.8.0 - Cross-Site Scripting
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticate
28RIESGO
abrir
Nucleihigh
DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user u
33RIESGO
abrir
Nucleihigh
MasterSAM Star Gate v11 - Local File Inclusion
MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit th
48RIESGO
abrir
Nucleicritical
Mitel MiCollab - Arbitary File Read
CVE-2024-55550MEDIUMbajo ataqueransomware
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local fi
70RIESGO
abrir
Nucleicritical
Fortinet - Authentication Bypass
CVE-2024-55591CRITICALbajo ataqueransomware
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 thro
100RIESGO
abrir
Nucleicritical
Cleo Harmony < 5.8.0.24 - File Upload Vulnerability
CVE-2024-55956CRITICALbajo ataqueransomware
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can impo
95RIESGO
abrir
Nucleicritical
Craft CMS - Remote Code Execution via Template Path Manipulation
CVE-2024-56145CRITICALbajo ataque
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RIESGO
abrir
Nucleimedium
Astro - Information Disclosure
Server source code is exposed to the public if sourcemaps are enabled
36RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.