Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleicritical
Apache Struts2 S2-012 RCE
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute
40RIESGO
abrir ↗Nucleimedium
Apache Struts - Multiple Open Redirection Vulnerabilities
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to
60RIESGO
abrir ↗Nucleicritical
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a
100RIESGO
abrir ↗Nucleimedium
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow
38RIESGO
abrir ↗Nucleimedium
Telaen => v1.3.1 - Open Redirect
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victim
43RIESGO
abrir ↗Nucleimedium
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earli
43RIESGO
abrir ↗Nucleimedium
Javafaces LFI
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2;
50RIESGO
abrir ↗Nucleimedium
WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for
43RIESGO
abrir ↗Nucleimedium
WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPr
43RIESGO
abrir ↗Nucleilow
AVTECH DVR - Login Verification Code Bypass
AVTECH AVN801 DVR has a security bypass via the administration login captcha
43RIESGO
abrir ↗Nucleimedium
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager all
43RIESGO
abrir ↗Nucleimedium
Xibo 1.2.2/1.4.1 - Directory Traversal
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attacke
43RIESGO
abrir ↗Nucleimedium
WordPress Spreadsheet - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 f
18RIESGO
abrir ↗Nucleimedium
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RIESGO
abrir ↗Nucleimedium
WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote
43RIESGO
abrir ↗Nucleicritical
XStream <1.4.6/1.4.10 - Remote Code Execution
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a rem
60RIESGO
abrir ↗Nucleimedium
Sitecore CMS - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to in
18RIESGO
abrir ↗Nucleihigh
DomPHP 0.83 - Directory Traversal
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a ..
43RIESGO
abrir ↗Nucleicritical
Eyou E-Mail <3.6 - Remote Code Execution
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary comman
23RIESGO
abrir ↗Nucleicritical
ZTE Cable Modem Web Shell
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd
50RIESGO
abrir ↗Nucleicritical
Lighttpd 1.4.34 SQL Injection and Path Traversal
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary
30RIESGO
abrir ↗Nucleimedium
Dompdf < v0.6.0 - Local File Inclusion
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroo
50RIESGO
abrir ↗Nucleimedium
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x
43RIESGO
abrir ↗Nucleihigh
Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware befor
50RIESGO
abrir ↗Nucleimedium
ElasticSearch v1.1.1/1.2 RCE
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RIESGO
abrir ↗Nucleicritical
Seagate BlackArmor NAS - Command Injection
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmg
30RIESGO
abrir ↗Nucleihigh
Drupal SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct
60RIESGO
abrir ↗Nucleihigh
Node.js st module Directory Traversal
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
30RIESGO
abrir ↗Nucleimedium
Oracle Weblogic - Server-Side Request Forgery
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allo
30RIESGO
abrir ↗Nucleimedium
ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.