Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
4191 exploits
Nucleicritical
Web Directory Free < 1.7.3 - Local File Inclusion
Web Directory Free < 1.7.3 - Unauthenticated LFI
63RIESGO
abrir
Nucleihigh
CRMEB v.5.2.2 - SQL Injection
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProduct
28RIESGO
abrir
Nucleihigh
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
36RIESGO
abrir
Nucleicritical
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute
43RIESGO
abrir
Nucleihigh
Splunk Enterprise - Local File Inclusion
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
61RIESGO
abrir
Nucleicritical
Ollama - Remote Code Execution
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RIESGO
abrir
Nucleimedium
Argo CD Unauthenticated Access to sensitive setting
Unauthenticated Access to sensitive settings in Argo CD
28RIESGO
abrir
Nucleimedium
WP Extended < 3.0.0 - Stored Cross-Site Scripting
WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir
Nucleimedium
WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting
WordPress WP-Lister Lite for Amazon plugin <= 2.6.16 - Reflected Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir
Nucleicritical
SecurEnvoy Two Factor Authentication - LDAP Injection
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-suppl
63RIESGO
abrir
Nucleihigh
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
36RIESGO
abrir
Nucleimedium
Hostel < 1.1.5.3 - Cross-Site Scripting
Hostel < 1.1.5.3 - Reflected XSS
28RIESGO
abrir
Nucleimedium
GnuBoard5 5.5.16 - Open Redirect
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the in
28RIESGO
abrir
Nucleihigh
OfficeWeb365 Indexs Interface - Arbitrary File Read
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 al
36RIESGO
abrir
Nucleicritical
Craft CMS <=v3.7.31 - SQL Injection
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
48RIESGO
abrir
Nucleicritical
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
68RIESGO
abrir
Nucleicritical
Cost Calculator Builder <= 3.2.15 - SQL Injection
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
43RIESGO
abrir
Nucleicritical
BerqWP <= 1.7.6 - Arbitrary File Upload
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
63RIESGO
abrir
Nucleihigh
LoLLMS WebUI < 9.8 - Path Traversal
Path Traversal in parisneo/lollms-webui
48RIESGO
abrir
Nucleihigh
Gradio - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in gradio-app/gradio
48RIESGO
abrir
Nucleimedium
Contest Gallery - Broken Access Control
WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
28RIESGO
abrir
Nucleicritical
ZoneMinder - SQL Injection
ZoneMinder Time-based SQL Injection
43RIESGO
abrir
Nucleicritical
Moodle - Remote Code Execution
Moodle: remote code execution via calculated question types
78RIESGO
abrir
Nucleicritical
Apache HugeGraph-Server <1.5.0 - Authentication Bypass
Apache HugeGraph-Server: Fixed JWT Token(Secret)
55RIESGO
abrir
Nucleimedium
osCommerce v4.0 - Cross-site Scripting
osCommerce all-products cross site scripting
28RIESGO
abrir
Nucleicritical
Progress Telerik Report Server - Authentication Bypass
CVE-2024-4358CRITICALbajo ataque
Registration Authentication Bypass Vulnerability
100RIESGO
abrir
Nucleicritical
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
68RIESGO
abrir
Nucleicritical
YARPP <= 5.30.10 - Missing Authorization
WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability
40RIESGO
abrir
Nucleicritical
SendGrid for WordPress <= 1.4 - SQL Injection
WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
36RIESGO
abrir
Nucleimedium
Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
WordPress Sunshine Photo Cart plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.