Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleihigh
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability
36RIESGO
abrir ↗Nucleimedium
GP Premium <= 2.4.0 - Cross-Site Scripting
GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
28RIESGO
abrir ↗Nucleicritical
Wordpress Country State City Dropdown <=2.7.2 - SQL Injection
Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
68RIESGO
abrir ↗Nucleihigh
LyLme-Spage - Arbitary File Upload
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to exec
43RIESGO
abrir ↗Nucleihigh
OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
OpenAPI Generator Online - Arbitrary File Read/Delete
36RIESGO
abrir ↗Nucleicritical
Mitel MiCollab <= 9.8.0.33 - SQL Injection
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to cond
75RIESGO
abrir ↗Nucleicritical
Web Directory Free < 1.7.0 - SQL Injection
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
75RIESGO
abrir ↗Nucleihigh
openSIS < 9.1 - SQL Injection
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingL
36RIESGO
abrir ↗Nucleimedium
TileServer API - Cross Site Scripting
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data
28RIESGO
abrir ↗Nucleimedium
WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting
WordPress 12 Step Meeting List plugin <= 3.14.33 - Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir ↗Nucleihigh
Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting
WordPress WPMobile.App plugin <= 11.41 - Cross Site Scripting (XSS) vulnerability
36RIESGO
abrir ↗Nucleicritical
WP Hotel Booking <= 2.1.0 - SQL Injection
WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection
63RIESGO
abrir ↗Nucleicritical
Apache OFBiz - Directory Traversal & Remote Code Execution
Apache OFBiz: Path traversal leading to a RCE
85RIESGO
abrir ↗Nucleihigh
Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read
Path traversal while serving Reposilite javadoc expanded files
36RIESGO
abrir ↗Nucleicritical
GeoServer RCE in Evaluating Property Name Expressions
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir ↗Nucleicritical
GeoServer and GeoTools - Remote Code Execution
GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions
65RIESGO
abrir ↗Nucleihigh
Flowise 1.4.3 - Arbitrary File Read
GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file
36RIESGO
abrir ↗Nucleimedium
Puppeteer Renderer - Directory Traversal
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter usin
28RIESGO
abrir ↗Nucleihigh
Keycloak < 24.0.5 - Broken Access Control
Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
36RIESGO
abrir ↗Nucleihigh
LyLme spage v1.9.5 - Server-Side Request Forgery
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
43RIESGO
abrir ↗Nucleicritical
PrestaShop productsalert - SQL Injection
SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaSho
36RIESGO
abrir ↗Nucleicritical
Web Directory Free < 1.7.3 - Local File Inclusion
Web Directory Free < 1.7.3 - Unauthenticated LFI
63RIESGO
abrir ↗Nucleihigh
CRMEB v.5.2.2 - SQL Injection
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProduct
28RIESGO
abrir ↗Nucleihigh
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
36RIESGO
abrir ↗Nucleicritical
Apache CloudStack - SAML Signature Exclusion
Apache CloudStack: SAML Signature Exclusion
41RIESGO
abrir ↗Nucleihigh
Cluster Control CMON API - Directory Traversal
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and
36RIESGO
abrir ↗Nucleihigh
OpenAM<=15.0.3 FreeMarker - Template Injection
OpenAM FreeMarker template injection
36RIESGO
abrir ↗Nucleihigh
Mitel MiCollab - Authentication Bypass
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could
100RIESGO
abrir ↗Nucleimedium
The Events Calendar < 6.4.0.1 - Cross-site Scripting
The Events Calendar < 6.4.0.1 - Reflected XSS
63RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.