Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
WP Finance Plugin <= 1.3.6 - Cross-Site Scripting
WP Finance <= 1.3.6 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WordPress Email Newsletter - Reflected XSS
WP Email Newsletter <= 1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
Widget4Call WordPress - Cross-Site Scripting
Widget4call <= 1.0.7 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WP MediaTagger <= 4.1.1 - Cross-Site Scripting
WP MediaTagger <= 4.1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
Download Manager < 3.3.07 - Unauthenticated Data Exposure
28RIESGO
abrir ↗Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RIESGO
abrir ↗Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RIESGO
abrir ↗Nucleicritical
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RIESGO
abrir ↗Nucleimedium
Privacy Policy Genius - Cross-Site Scripting
Policy Genius <= 2.0.4 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WordPress Google Map Professional - Cross-Site Scripting
Google Map Professional <= 1.0 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WordPress User Messages <= 1.2.4 - Reflected XSS
User Messages <= 1.2.4 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
28RIESGO
abrir ↗Nucleihigh
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive inf
48RIESGO
abrir ↗Nucleihigh
Artica Proxy - Unauthenticated LFI
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
68RIESGO
abrir ↗Nucleihigh
Adobe ColdFusion - Arbitrary File Read
ColdFusion | Improper Access Control (CWE-284)
100RIESGO
abrir ↗Nucleihigh
Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported
36RIESGO
abrir ↗Nucleimedium
Dash Framework - Cross-site Scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; v
28RIESGO
abrir ↗Nucleimedium
Flarum < 1.8.5 - Open Redirect
Flarum's Logout Route allows open redirects
28RIESGO
abrir ↗Nucleihigh
pyLoad Flask Config - Access Control
pyLoad unauthenticated flask configuration leakage
48RIESGO
abrir ↗Nucleicritical
XWiki < 4.10.20 - Remote code execution
XWiki Remote Code Execution vulnerability via user registration
65RIESGO
abrir ↗Nucleihigh
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RIESGO
abrir ↗Nucleicritical
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RIESGO
abrir ↗Nucleihigh
Ivanti SAML - Server Side Request Forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RIESGO
abrir ↗Nucleihigh
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se
78RIESGO
abrir ↗Nucleimedium
Fastify Swagger-UI - Information Disclosure
Default swagger-ui configuration exposes all files in the module
28RIESGO
abrir ↗Nucleicritical
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager JDNI injection
58RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.