Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
23RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL users cross site scripting
43RIESGO
abrir ↗Exploit-DB
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL pages cross site scripting
43RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL ajax_invite cross site scripting
43RIESGO
abrir ↗Exploit-DB
RosarioSIS 10.8.4 - CSV Injection
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
33RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL friends cross site scripting
43RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL view cross site scripting
43RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL find-a-match cross site scripting
43RIESGO
abrir ↗Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooSocial mooDating URL question cross site scripting
43RIESGO
abrir ↗Exploit-DB
RWS WorldServer 11.7.3 - Session Token Enumeration
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized a
23RIESGO
abrir ↗Exploit-DB
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
Microsoft Office Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Exploit-DB
pfSense v2.7.0 - OS Command Injection
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RIESGO
abrir ↗Exploit-DB
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by send
43RIESGO
abrir ↗Exploit-DB
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to t
53RIESGO
abrir ↗Exploit-DB
ABB FlowX v4.00 - Exposure of Sensitive Information
Flow-X disclosure of sensitive information to unauthenticated users
33RIESGO
abrir ↗Exploit-DB
Icinga Web 2.10 - Authenticated Remote Code Execution
Arbitrary code execution for authenticated users in Icinga Web 2
46RIESGO
abrir ↗Exploit-DB
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
28RIESGO
abrir ↗Exploit-DB
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RIESGO
abrir ↗Exploit-DB
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RIESGO
abrir ↗Exploit-DB
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code
23RIESGO
abrir ↗Exploit-DB
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
Microsoft Outlook Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
70RIESGO
abrir ↗Exploit-DB
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
33RIESGO
abrir ↗Exploit-DB
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lf
23RIESGO
abrir ↗Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
Microsoft Office Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Microsoft Excel Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RIESGO
abrir ↗Exploit-DB
WP AutoComplete 1.0.4 - Unauthenticated SQLi
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
48RIESGO
abrir ↗Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.