Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting
Stray Random Quotes <= 1.9.9 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WordPress 1 Click Migration Plugin < 2.3 - Information Exposure
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php
28RIESGO
abrir ↗Nucleimedium
LifterLMS < 8.0.1 - Cross-Site Scripting
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes < 8.0.1 - Reflected XSS
28RIESGO
abrir ↗Nucleihigh
WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting
WPMovieLibrary <= 2.1.4.8 - Reflected XSS
36RIESGO
abrir ↗Nucleihigh
Tube Video Ads Lite - Reflected XSS
Tube Video Ads Lite <= 1.5.7 - Reflected XSS
36RIESGO
abrir ↗Nucleimedium
OWL Carousel Slider - Cross-Site Scripting
WP Touch Slider <= 2.2 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
NewsTicker <= 1.0 - Reflected Cross-Site Scripting
News List <= 1.0 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
Post Sync Plugin <= 1.1 - Cross-Site Scripting
Post Sync <= 1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleihigh
Themes Coder Ecommerce <= 1.3.4 - SQL Injection
Themes Coder <= 1.3.4 - Unauthenticated SQLi
36RIESGO
abrir ↗Nucleimedium
MemberSpace WordPress - Cross-Site Scripting
MemberSpace – Membership Plugin and Paid Subscriptions < 2.1.14 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
Relevanssi (A Better Search) <= 4.22.0 - Query Log Export
Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export
40RIESGO
abrir ↗Nucleimedium
WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting
SEO Tools <= 4.0.7 - Reflected XSS
28RIESGO
abrir ↗Nucleihigh
WPMobile.App <= 11.56 - Open Redirect
WPMobile.App <= 11.56 - Open Redirect via 'redirect' Parameter
36RIESGO
abrir ↗Nucleicritical
St. Joe ERP system - SQL Injection
St. Joe ERP System SingleRowQueryConverter SQL Injection
63RIESGO
abrir ↗Nucleimedium
Studiocart <= 2.9.0 - Cross-Site Scripting
Studiocart <= 2.9.0 - Reflected XSS
36RIESGO
abrir ↗Nucleihigh
Mlflow < 2.9.2 - Path Traversal
Path Traversal Vulnerability in mlflow/mlflow
36RIESGO
abrir ↗Nucleicritical
MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection
85RIESGO
abrir ↗Nucleihigh
Gradio 4.3-4.12 - Local File Read
Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
56RIESGO
abrir ↗Nucleicritical
NotificationX <= 2.8.2 - SQL Injection
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RIESGO
abrir ↗Nucleicritical
ConnectWise ScreenConnect 23.9.7 - Authentication Bypass
Authentication bypass using an alternate path or channel
100RIESGO
abrir ↗Nucleihigh
Gradio > 4.19.1 UploadButton - Path Traversal
Local File Inclusion in gradio-app/gradio
58RIESGO
abrir ↗Nucleihigh
Tutor LMS <= 2.1.10 - SQL Injection
Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
36RIESGO
abrir ↗Nucleimedium
Cisco Finesse - Server-Side Request Forgery (SSRF)
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
61RIESGO
abrir ↗Nucleicritical
Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RIESGO
abrir ↗Nucleicritical
Hardcoded Admin Credentials For Cisco Smart Licensing Utility API
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an a
95RIESGO
abrir ↗Nucleicritical
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RIESGO
abrir ↗Nucleimedium
Liferay Portal - Open Redirect
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 be
28RIESGO
abrir ↗Nucleicritical
ZenML ZenML Server - Improper Authentication
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because t
58RIESGO
abrir ↗Nucleihigh
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.