Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
TodosExploit-DB 22.786Referência 19.896GitHub PoC 13.187VulnCheck XDB 8100Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4191 exploits
Nucleicritical
Web Directory Free < 1.7.3 - Local File Inclusion
Web Directory Free < 1.7.3 - Unauthenticated LFI
63RIESGO
abrir ↗Nucleihigh
CRMEB v.5.2.2 - SQL Injection
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProduct
28RIESGO
abrir ↗Nucleihigh
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
36RIESGO
abrir ↗Nucleicritical
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute
43RIESGO
abrir ↗Nucleihigh
Splunk Enterprise - Local File Inclusion
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
61RIESGO
abrir ↗Nucleicritical
Ollama - Remote Code Execution
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RIESGO
abrir ↗Nucleimedium
Argo CD Unauthenticated Access to sensitive setting
Unauthenticated Access to sensitive settings in Argo CD
28RIESGO
abrir ↗Nucleimedium
WP Extended < 3.0.0 - Stored Cross-Site Scripting
WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir ↗Nucleimedium
WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting
WordPress WP-Lister Lite for Amazon plugin <= 2.6.16 - Reflected Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir ↗Nucleicritical
SecurEnvoy Two Factor Authentication - LDAP Injection
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-suppl
63RIESGO
abrir ↗Nucleihigh
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
36RIESGO
abrir ↗Nucleimedium
GnuBoard5 5.5.16 - Open Redirect
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the in
28RIESGO
abrir ↗Nucleihigh
OfficeWeb365 Indexs Interface - Arbitrary File Read
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 al
36RIESGO
abrir ↗Nucleicritical
Craft CMS <=v3.7.31 - SQL Injection
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
48RIESGO
abrir ↗Nucleicritical
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
68RIESGO
abrir ↗Nucleicritical
Cost Calculator Builder <= 3.2.15 - SQL Injection
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
43RIESGO
abrir ↗Nucleicritical
BerqWP <= 1.7.6 - Arbitrary File Upload
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
63RIESGO
abrir ↗Nucleihigh
Gradio - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in gradio-app/gradio
48RIESGO
abrir ↗Nucleimedium
Contest Gallery - Broken Access Control
WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
28RIESGO
abrir ↗Nucleicritical
Moodle - Remote Code Execution
Moodle: remote code execution via calculated question types
78RIESGO
abrir ↗Nucleicritical
Apache HugeGraph-Server <1.5.0 - Authentication Bypass
Apache HugeGraph-Server: Fixed JWT Token(Secret)
55RIESGO
abrir ↗Nucleimedium
osCommerce v4.0 - Cross-site Scripting
osCommerce all-products cross site scripting
28RIESGO
abrir ↗Nucleicritical
Progress Telerik Report Server - Authentication Bypass
Registration Authentication Bypass Vulnerability
100RIESGO
abrir ↗Nucleicritical
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
68RIESGO
abrir ↗Nucleicritical
YARPP <= 5.30.10 - Missing Authorization
WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability
40RIESGO
abrir ↗Nucleicritical
SendGrid for WordPress <= 1.4 - SQL Injection
WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
36RIESGO
abrir ↗Nucleimedium
Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
WordPress Sunshine Photo Cart plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.