Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)
CVE-2022-2811711 may 2022
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the ap
43RIESGO
abrir
Exploit-DB
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
CVE-2021-4316411 may 2022
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.191
35RIESGO
abrir
Exploit-DB
Akka HTTP 10.1.14 - Denial of Service
CVE-2021-4269711 may 2022
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, whic
35RIESGO
abrir
Exploit-DB
Anuko Time Tracker - SQLi (Authenticated)
CVE-2022-24707HIGH11 may 2022
SQL injection in anuko timetracker
41RIESGO
abrir
Exploit-DB
DLINK DIR850 - Insecure Access Control
CVE-2021-4637811 may 2022
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote
35RIESGO
abrir
Exploit-DB
Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
CVE-2021-3167311 may 2022
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remo
23RIESGO
abrir
Exploit-DB
Explore CMS 1.0 - SQL Injection
CVE-2022-2741211 may 2022
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.
23RIESGO
abrir
Exploit-DB
DLINK DAP-1620 A1 v1.01 - Directory Traversal
CVE-2021-4638111 may 2022
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd]
50RIESGO
abrir
Exploit-DB
TLR-2005KSH - Arbitrary File Upload
CVE-2021-4542811 may 2022
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can uploa
50RIESGO
abrir
Exploit-DB
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
CVE-2021-4459511 may 2022
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send m
28RIESGO
abrir
Exploit-DB
WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)
CVE-2022-110311 may 2022
Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload
28RIESGO
abrir
Exploit-DB
PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)
CVE-2022-2730811 may 2022
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrar
23RIESGO
abrir
Exploit-DB
Wondershare Dr.Fone 12.0.7 - Remote Code Execution (RCE)
CVE-2021-4459611 may 2022
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an
28RIESGO
abrir
Exploit-DB
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706CRITICALbajo ataque11 may 2022
Remote Code Execution Vulnerability in Packaging
100RIESGO
abrir
Exploit-DB
WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
CVE-2021-2458111 may 2022
Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)
23RIESGO
abrir
Exploit-DB
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
CVE-2022-2821311 may 2022
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does n
28RIESGO
abrir
Exploit-DB
Bookeen Notea - Directory Traversal
CVE-2021-4578311 may 2022
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to
23RIESGO
abrir
Exploit-DB
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
CVE-2022-1175HIGH26 abr 2022
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 befor
63RIESGO
abrir
Exploit-DB
Gitlab 14.9 - Authentication Bypass
CVE-2022-1162CRITICAL26 abr 2022
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE
85RIESGO
abrir
Exploit-DB
Easy Appointments 1.4.2 - Information Disclosure
CVE-2022-0482CRITICAL19 abr 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
75RIESGO
abrir
Exploit-DB
WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)
CVE-2022-110419 abr 2022
Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting
35RIESGO
abrir
Exploit-DB
PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
CVE-2022-2418119 abr 2022
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to
38RIESGO
abrir
Exploit-DB
Zyxel NWA-1100-NH - Command Injection
CVE-2021-4039CRITICAL19 abr 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to exec
70RIESGO
abrir
Exploit-DB
REDCap 11.3.9 - Stored Cross Site Scripting
CVE-2021-4213619 abr 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows
23RIESGO
abrir
Exploit-DB
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
CVE-2021-46416MEDIUM11 abr 2022
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups acce
33RIESGO
abrir
Exploit-DB
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion (LFI)
CVE-2021-4641711 abr 2022
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privilege
50RIESGO
abrir
Exploit-DB
Telesquare TLR-2855KS6 - Arbitrary File Deletion
CVE-2021-4641911 abr 2022
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system fil
60RIESGO
abrir
Exploit-DB
Telesquare TLR-2855KS6 - Arbitrary File Creation
CVE-2021-4641811 abr 2022
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
43RIESGO
abrir
Exploit-DB
Kramer VIAware - Remote Code Execution (RCE) (Root)
CVE-2021-3635607 abr 2022
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePa
50RIESGO
abrir
Exploit-DB
Kramer VIAware - Remote Code Execution (RCE) (Root)
CVE-2021-3506407 abr 2022
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits runn
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.