Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
CVE-2023-28285HIGH03 jul 2023
Microsoft Office Remote Code Execution Vulnerability
41RIESGO
abrir
Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
CVE-2023-3634803 jul 2023
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RIESGO
abrir
Exploit-DB
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
CVE-2023-30198HIGH26 jun 2023
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download
41RIESGO
abrir
Exploit-DB
Azure Apache Ambari 2302250400 - Spoofing
CVE-2023-23408MEDIUM26 jun 2023
Azure Apache Ambari Spoofing Vulnerability
33RIESGO
abrir
Exploit-DB
Windows 11 22h2 - Kernel Privilege Elevation
CVE-2023-28293HIGH26 jun 2023
Windows Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir
Exploit-DB
Microsoft SharePoint Enterprise Server 2016 - Spoofing
CVE-2023-28288HIGH26 jun 2023
Microsoft SharePoint Server Spoofing Vulnerability
41RIESGO
abrir
Exploit-DB
NCH Express Invoice - Clear Text Password Storage and Account Takeover
CVE-2020-1156023 jun 2023
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
23RIESGO
abrir
Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
CVE-2022-47075HIGH22 jun 2023
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the
68RIESGO
abrir
Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
CVE-2022-47076HIGH22 jun 2023
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via Display
41RIESGO
abrir
Exploit-DB
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
CVE-2023-3320MEDIUM20 jun 2023
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,
33RIESGO
abrir
Exploit-DB
Super Socializer 7.13.52 - Reflected XSS
CVE-2023-2779MEDIUM20 jun 2023
Super Socializer < 7.13.52 - Reflected XSS
48RIESGO
abrir
Exploit-DB
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
CVE-2023-27372CRITICAL20 jun 2023
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir
Exploit-DB
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
CVE-2023-23956MEDIUM19 jun 2023
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
33RIESGO
abrir
Exploit-DB
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-11027MEDIUM19 jun 2023
Password reset links invalidation issue in WordPress
38RIESGO
abrir
Exploit-DB
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
CVE-2023-0297CRITICAL14 jun 2023
Code Injection in pyload/pyload
85RIESGO
abrir
Exploit-DB
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
CVE-2023-3184LOW13 jun 2023
SourceCodester Sales Tracker Management System cross site scripting
28RIESGO
abrir
Exploit-DB
Teachers Record Management System 1.0 - File Upload Type Validation
CVE-2023-3187MEDIUM13 jun 2023
PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload
33RIESGO
abrir
Exploit-DB
WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
CVE-2021-2449909 jun 2023
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RIESGO
abrir
Exploit-DB
Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
CVE-2023-30868HIGH06 jun 2023
WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
56RIESGO
abrir
Exploit-DB
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
CVE-2023-33243HIGH04 jun 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the
41RIESGO
abrir
Exploit-DB
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
CVE-2023-206804 jun 2023
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
50RIESGO
abrir
Exploit-DB
Online Security Guards Hiring System 1.0 - Reflected XSS
CVE-2023-0527LOW31 may 2023
PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting
43RIESGO
abrir
Exploit-DB
Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
CVE-2018-806531 may 2023
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RIESGO
abrir
Exploit-DB
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
CVE-2023-0455HIGH31 may 2023
Unrestricted Upload of File with Dangerous Type in unilogies/bumsys
41RIESGO
abrir
Exploit-DB
Pydio Cells 4.1.2 - Server-Side Request Forgery
CVE-2023-32750MEDIUM31 may 2023
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which
33RIESGO
abrir
Exploit-DB
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
CVE-2023-32751MEDIUM31 may 2023
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are genera
33RIESGO
abrir
Exploit-DB
Faculty Evaluation System 1.0 - Unauthenticated File Upload
CVE-2023-33440HIGH31 may 2023
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_u
61RIESGO
abrir
Exploit-DB
Pydio Cells 4.1.2 - Unauthorised Role Assignments
CVE-2023-32749HIGH31 may 2023
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RIESGO
abrir
Exploit-DB
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
CVE-2023-30145CRITICAL26 may 2023
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats para
60RIESGO
abrir
Exploit-DB
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
CVE-2023-33829MEDIUM25 may 2023
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.