Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleihigh
MantisBT <=2.30 - Arbitrary Password Reset/Admin Access
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RIESGO
abrir ↗Nucleimedium
IceWarp WebMail 11.3.1.5 - Cross-Site Scripting
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" paramet
18RIESGO
abrir ↗Nucleicritical
Hikvision - Authentication Bypass
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir ↗Nucleicritical
Dahua Security - Configuration File Disclosure
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,
30RIESGO
abrir ↗Nucleicritical
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions pri
60RIESGO
abrir ↗Nucleicritical
Amcrest IP Camera Web Management - Data Exposure
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative cred
40RIESGO
abrir ↗Nucleicritical
Joomla! <3.7.1 - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RIESGO
abrir ↗Nucleimedium
Reflected XSS - Telerik Reporting Module
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms
18RIESGO
abrir ↗Nucleimedium
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
18RIESGO
abrir ↗Nucleimedium
Odoo 8.0/9.0/10.0 - Local File Inclusion
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to rea
18RIESGO
abrir ↗Nucleimedium
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before
60RIESGO
abrir ↗Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passe
100RIESGO
abrir ↗Nucleihigh
Apache Struts2 S2-052 - Remote Code Execution
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RIESGO
abrir ↗Nucleihigh
DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RIESGO
abrir ↗Nucleihigh
BOA Web Server 0.94.14 - Arbitrary File Access
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read
50RIESGO
abrir ↗Nucleicritical
PHPUnit - Remote Code Execution
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir ↗Nucleimedium
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2
18RIESGO
abrir ↗Nucleicritical
Cisco RV132W/RV134W Router - Information Disclosure
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VP
40RIESGO
abrir ↗Nucleihigh
Cisco ASA - Local File Inclusion
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RIESGO
abrir ↗Nucleimedium
Jolokia 1.3.7 - Cross-Site Scripting
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute ma
23RIESGO
abrir ↗Nucleihigh
Jolokia Agent - JNDI Code Injection
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to
40RIESGO
abrir ↗Nucleicritical
Cobbler - Authentication Bypass
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibl
23RIESGO
abrir ↗Nucleicritical
GitList < 0.6.0 Remote Code Execution
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RIESGO
abrir ↗Nucleihigh
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCrede
40RIESGO
abrir ↗Nucleimedium
Sympa version =>6.2.16 - Cross-Site Scripting
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in
18RIESGO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) v
18RIESGO
abrir ↗Nucleicritical
Jenkins - Remote Command Injection
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RIESGO
abrir ↗Nucleicritical
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE
50RIESGO
abrir ↗Nucleihigh
AudioCodes 420HD - Remote Code Execution
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
50RIESGO
abrir ↗Nucleimedium
Dolibarr <7.0.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script
40RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.