Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
TeamPass 3.0.0.21 - SQL Injection
SQL Injection in nilsteampassnet/teampass
41RIESGO
abrir ↗Exploit-DB
JUX Real Estate 3.4.0 - SQL Injection
JoomlaUX JUX Real Estate GET Parameter realties sql injection
33RIESGO
abrir ↗Exploit-DB
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
50RIESGO
abrir ↗Exploit-DB
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RIESGO
abrir ↗Exploit-DB
Devika v1 - Path Traversal via 'snapshot_path'
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path tr
68RIESGO
abrir ↗Exploit-DB
SolarWinds Platform 2024.1 SR1 - Race Condition
SolarWinds Platform Race Condition Vulnerability
38RIESGO
abrir ↗Exploit-DB
htmlLawed 1.2.5 - Remote Code Execution (RCE)
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
100RIESGO
abrir ↗Exploit-DB
Wordpress Theme XStore 9.3.8 - SQLi
WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability
48RIESGO
abrir ↗Exploit-DB
Apache OFBiz 18.12.12 - Directory Traversal
Apache OFBiz: Path traversal leading to RCE
100RIESGO
abrir ↗Exploit-DB
Apache mod_proxy_cluster 1.2.6 - Stored XSS
Mod_cluster/mod_proxy_cluster: stored cross site scripting
33RIESGO
abrir ↗Exploit-DB
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir ↗Exploit-DB
Laravel Framework 11 - Credential Leakage
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/log
23RIESGO
abrir ↗Exploit-DB
OpenClinic GA 5.247.01 - Information Disclosure
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the pr
41RIESGO
abrir ↗Exploit-DB
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page param
41RIESGO
abrir ↗Exploit-DB
Jenkins 2.441 - Local File Inclusion
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir ↗Exploit-DB
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted fil
48RIESGO
abrir ↗Exploit-DB
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
Ray Command Injection in cpu_profile Parameter
85RIESGO
abrir ↗Exploit-DB
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
53RIESGO
abrir ↗Exploit-DB
Casdoor < v1.331.0 - '/api/set-password' CSRF
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RIESGO
abrir ↗Exploit-DB
Daily Habit Tracker 1.0 - SQL Injection
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbit
48RIESGO
abrir ↗Exploit-DB
Gibbon LMS v26.0.00 - SSTI vulnerability
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re
53RIESGO
abrir ↗Exploit-DB
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via t
38RIESGO
abrir ↗Exploit-DB
Axigen < 10.5.7 - Persistent Cross-Site Scripting
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges
48RIESGO
abrir ↗Exploit-DB
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
83RIESGO
abrir ↗Exploit-DB
Daily Habit Tracker 1.0 - Broken Access Control
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php,
53RIESGO
abrir ↗Exploit-DB
GL-iNet MT6000 4.5.5 - Arbitrary File Download
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially
46RIESGO
abrir ↗Exploit-DB
Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers
23RIESGO
abrir ↗Exploit-DB
Employee Management System 1.0 - 'admin_id' SQLi
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the ad
48RIESGO
abrir ↗Exploit-DB
HNAS SMU 14.8.7825 - Information Disclosure
System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
41RIESGO
abrir ↗Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.