Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
CVE-2020-5330HIGH05 abr 2023
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22
46RIESGO
abrir
Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
CVE-2023-0493MEDIUM05 abr 2023
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RIESGO
abrir
Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
CVE-2022-44268MEDIUM05 abr 2023
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RIESGO
abrir
Exploit-DB
Apache Tomcat 10.1 - Denial Of Service
CVE-2022-2988505 abr 2023
EncryptInterceptor does not provide complete protection on insecure networks
45RIESGO
abrir
Exploit-DB
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
CVE-2022-44877CRITICALbajo ataque05 abr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RIESGO
abrir
Exploit-DB
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
CVE-2023-0315HIGH05 abr 2023
Command Injection in froxlor/froxlor
78RIESGO
abrir
Exploit-DB
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
CVE-2022-46552HIGH05 abr 2023
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan
46RIESGO
abrir
Exploit-DB
ImageMagick 7.1.0-49 - DoS
CVE-2022-44267MEDIUM05 abr 2023
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RIESGO
abrir
Exploit-DB
Liferay Portal 6.2.5 - Insecure Permissions
CVE-2021-33990CRITICAL05 abr 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The
53RIESGO
abrir
Exploit-DB
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
CVE-2022-2846MEDIUM05 abr 2023
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
33RIESGO
abrir
Exploit-DB
Answerdev 1.0.3 - Account Takeover
CVE-2023-0744CRITICAL05 abr 2023
Improper Access Control in answerdev/answer
48RIESGO
abrir
Exploit-DB
itech TrainSmart r1044 - SQL injection
CVE-2021-36520HIGH05 abr 2023
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
41RIESGO
abrir
Exploit-DB
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
CVE-2023-23286MEDIUM05 abr 2023
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the s
33RIESGO
abrir
Exploit-DB
ERPNext 12.29 - Cross-Site Scripting (XSS)
CVE-2022-2859805 abr 2023
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-contro
23RIESGO
abrir
Exploit-DB
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
CVE-2023-0214MEDIUM05 abr 2023
XSS in Skyhigh Security SWG
33RIESGO
abrir
Exploit-DB
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
CVE-2022-48110MEDIUM05 abr 2023
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CK
33RIESGO
abrir
Exploit-DB
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
CVE-2022-47870MEDIUM03 abr 2023
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows r
33RIESGO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated
CVE-2023-2316303 abr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parame
23RIESGO
abrir
Exploit-DB
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
CVE-2023-22809HIGH03 abr 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RIESGO
abrir
Exploit-DB
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
CVE-2022-34125MEDIUM03 abr 2023
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive informati
33RIESGO
abrir
Exploit-DB
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
CVE-2020-25213CRITICALbajo ataque03 abr 2023
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 abr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RIESGO
abrir
Exploit-DB
Roxy WI v6.1.0.0 - Improper Authentication Control
CVE-2022-31125CRITICAL03 abr 2023
Authentication Bypass in Roxy-wi
53RIESGO
abrir
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 abr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RIESGO
abrir
Exploit-DB
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
CVE-2023-23488CRITICAL03 abr 2023
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RIESGO
abrir
Exploit-DB
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
CVE-2022-31056CRITICAL03 abr 2023
SQL injection with _actor parameter in GLPI
48RIESGO
abrir
Exploit-DB
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-31126CRITICAL03 abr 2023
Unauthenticated Remote Code Execution in Roxy-wi
75RIESGO
abrir
Exploit-DB
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
CVE-2022-31161CRITICAL03 abr 2023
Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
68RIESGO
abrir
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
CVE-2023-2316203 abr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter
23RIESGO
abrir
Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-34128CRITICAL03 abr 2023
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.