Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.105exploits catalogados
31.648CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleimedium
WordPress Yuzo <5.12.94 - Cross-Site Scripting
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that
18RIESGO
abrir
Nucleihigh
Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress all
18RIESGO
abrir
Nucleihigh
GrandNode 4.40 - Local File Inclusion
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows
50RIESGO
abrir
Nucleicritical
Deltek Maconomy 2.2.5 - Local File Inclusion
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RIESGO
abrir
Nucleimedium
WebPort 1.19.1 - Cross-Site Scripting
Web Port 1.19.1 allows XSS via the /log type parameter.
38RIESGO
abrir
Nucleimedium
Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall,
18RIESGO
abrir
Nucleicritical
Zyxel ZyWall UAG/USG - Account Creation Access
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attack
30RIESGO
abrir
Nucleihigh
IceWarp Mail Server <=10.4.4 - Local File Inclusion
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index
50RIESGO
abrir
Nucleicritical
Zeroshell 3.9.0 - Remote Command Execution
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web ap
60RIESGO
abrir
Nucleihigh
Shopware < 5.5.8 - Cross-Site Scripting
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
36RIESGO
abrir
Nucleimedium
LiveZilla Server 8.0.1.0 - Cross-Site Scripting
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
38RIESGO
abrir
Nucleicritical
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of
30RIESGO
abrir
Nucleicritical
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of
30RIESGO
abrir
Nucleicritical
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of
30RIESGO
abrir
Nucleicritical
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of
30RIESGO
abrir
Nucleicritical
Citrix SD-WAN and NetScaler SD-WAN - SQL Injection
CVE-2019-12989CRITICALbajo ataque
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
100RIESGO
abrir
Nucleicritical
Citrix SD-WAN Center - Local File Inclusion
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
30RIESGO
abrir
Nucleicritical
D-Link DIR-600M - Authentication Bypass
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without
50RIESGO
abrir
Nucleicritical
D-Link Central WiFi Manager CWM(100) - Remote Code Execution
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote atta
40RIESGO
abrir
Nucleimedium
MindPalette NateMail 3.0.15 - Cross-Site Scripting
A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote
18RIESGO
abrir
Nucleimedium
FlightPath - Local File Inclusion
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an in
50RIESGO
abrir
Nucleicritical
Lansweeper Unauthenticated SQL Injection
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
23RIESGO
abrir
Nucleihigh
Citrix StoreFront Server - XML External Entity
CVE-2019-13608HIGHbajo ataqueransomware
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE at
78RIESGO
abrir
Nucleihigh
WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion
A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attac
30RIESGO
abrir
Nucleihigh
Nevma Adaptive Images - Arbitrary File Deletion
An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote a
38RIESGO
abrir
Nucleimedium
Alfresco Share - Open Redirect
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share applicat
18RIESGO
abrir
Nucleihigh
T24 Web Server - Local File Inclusion
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a docu
18RIESGO
abrir
Nucleimedium
Aptana Jaxer 1.0.3.4547 - Local File inclusion
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This v
43RIESGO
abrir
Nucleihigh
Pallets Werkzeug <0.15.5 - Local File Inclusion
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
50RIESGO
abrir
Nucleimedium
WordPress UserPro 4.9.32 - Cross-Site Scripting
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has X
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.