Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
WP Finance Plugin <= 1.3.6 - Cross-Site Scripting
WP Finance <= 1.3.6 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WordPress Email Newsletter - Reflected XSS
WP Email Newsletter <= 1.1 - Reflected XSS
28RIESGO
abrir
Nucleimedium
Widget4Call WordPress - Cross-Site Scripting
Widget4call <= 1.0.7 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WP MediaTagger <= 4.1.1 - Cross-Site Scripting
WP MediaTagger <= 4.1.1 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
Download Manager < 3.3.07 - Unauthenticated Data Exposure
28RIESGO
abrir
Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
CVE-2024-13159CRITICALbajo ataque
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RIESGO
abrir
Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
CVE-2024-13160CRITICALbajo ataque
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RIESGO
abrir
Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
CVE-2024-13161CRITICALbajo ataque
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RIESGO
abrir
Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RIESGO
abrir
Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RIESGO
abrir
Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RIESGO
abrir
Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RIESGO
abrir
Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RIESGO
abrir
Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RIESGO
abrir
Nucleihigh
Adobe ColdFusion - Arbitrary File Read
CVE-2024-20767HIGHbajo ataque
ColdFusion | Improper Access Control (CWE-284)
100RIESGO
abrir
Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RIESGO
abrir
Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RIESGO
abrir
Nucleihigh
MobSF - Path Traversal
Arbitrary file write on Decoding
36RIESGO
abrir
Nucleimedium
Flarum < 1.8.5 - Open Redirect
Flarum's Logout Route allows open redirects
28RIESGO
abrir
Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RIESGO
abrir
Nucleimedium
pyload - Log Injection
pyLoad Log Injection
33RIESGO
abrir
Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RIESGO
abrir
Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RIESGO
abrir
Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
CVE-2024-21887CRITICALbajo ataqueransomware
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RIESGO
abrir
Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
CVE-2024-21893HIGHbajo ataqueransomware
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RIESGO
abrir
Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RIESGO
abrir
Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RIESGO
abrir
Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.