Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RIESGO
abrir
Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RIESGO
abrir
Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RIESGO
abrir
Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RIESGO
abrir
Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RIESGO
abrir
Nucleihigh
Adobe ColdFusion - Arbitrary File Read
CVE-2024-20767HIGHbajo ataque
ColdFusion | Improper Access Control (CWE-284)
100RIESGO
abrir
Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RIESGO
abrir
Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RIESGO
abrir
Nucleihigh
MobSF - Path Traversal
Arbitrary file write on Decoding
36RIESGO
abrir
Nucleimedium
Flarum < 1.8.5 - Open Redirect
Flarum's Logout Route allows open redirects
28RIESGO
abrir
Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RIESGO
abrir
Nucleimedium
pyload - Log Injection
pyLoad Log Injection
33RIESGO
abrir
Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RIESGO
abrir
Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RIESGO
abrir
Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
CVE-2024-21887CRITICALbajo ataqueransomware
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RIESGO
abrir
Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
CVE-2024-21893HIGHbajo ataqueransomware
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RIESGO
abrir
Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RIESGO
abrir
Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RIESGO
abrir
Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RIESGO
abrir
Nucleihigh
IBM Operational Decision Manager - Java Deserialization
IBM Operational Decision Manager code execution
65RIESGO
abrir
Nucleicritical
Intel Neural Compressor <2.5.0 - SQL Injection
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated
55RIESGO
abrir
Nucleicritical
Netis MW5360 V1.0.1.3031 - Command Injection
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RIESGO
abrir
Nucleimedium
eyoucms v.1.6.5 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitr
28RIESGO
abrir
Nucleimedium
Plone Docker - Host Header Injection
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper
28RIESGO
abrir
Nucleimedium
NS-ASG Application Security Gateway 6.3 - Sql Injection
Netentsec NS-ASG Application Security Gateway index.php sql injection
33RIESGO
abrir
Nucleihigh
aiohttp - Directory Traversal
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
70RIESGO
abrir
Nucleimedium
Avada < 7.11.7 - Information Disclosure
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
33RIESGO
abrir
Nucleicritical
Rejetto HTTP File Server - Template injection
CVE-2024-23692CRITICALbajo ataque
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.