Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleicritical
D-Link Routers - Remote Code Execution
CVE-2019-16920CRITICALbajo ataque
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The i
100RIESGO
abrir
Nucleimedium
WordPress Visualizer <3.3.1 - Cross-Site Scripting
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute ar
18RIESGO
abrir
Nucleicritical
Visualizer <3.3.1 - Blind Server-Side Request Forgery
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-d
30RIESGO
abrir
Nucleihigh
Metinfo 7.0.0 beta - SQL Injection
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?
23RIESGO
abrir
Nucleihigh
Metinfo 7.0.0 beta - SQL Injection
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the adm
30RIESGO
abrir
Nucleimedium
Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin
18RIESGO
abrir
Nucleimedium
WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
18RIESGO
abrir
Nucleimedium
WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
18RIESGO
abrir
Nucleihigh
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options im
18RIESGO
abrir
Nucleimedium
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
18RIESGO
abrir
Nucleicritical
Yachtcontrol Webapplication 1.0 - Remote Command Injection
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user vi
30RIESGO
abrir
Nucleicritical
Zabbix <=4.4 - Authentication Bypass
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass
30RIESGO
abrir
Nucleihigh
MetInfo 7.0.0 beta - SQL Injection
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchPa
30RIESGO
abrir
Nucleicritical
Jfrog Artifactory <6.17.0 - Default Admin Password
JFrog Artifactory does not enforce default admin password change
55RIESGO
abrir
Nucleimedium
Kirona Dynamic Resource Scheduler - Information Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RIESGO
abrir
Nucleicritical
D-Link DIR-868L/817LW - Information Disclosure
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 route
30RIESGO
abrir
Nucleihigh
Jiangnan Online Judge 0.8.0 - Local File Inclusion
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=
23RIESGO
abrir
Nucleihigh
Apache Solr <=8.3.1 - Remote Code Execution
CVE-2019-17558HIGHbajo ataque
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RIESGO
abrir
Nucleicritical
Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST
30RIESGO
abrir
Nucleicritical
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially
18RIESGO
abrir
Nucleicritical
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RIESGO
abrir
Nucleimedium
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is m
50RIESGO
abrir
Nucleicritical
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RIESGO
abrir
Nucleihigh
Xiaomi Mi WiFi R3G Routers - Local file Inclusion
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerabilit
50RIESGO
abrir
Nucleimedium
Ignite Realtime Openfire <4.42 - Local File Inclusion
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the
23RIESGO
abrir
Nucleicritical
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allo
30RIESGO
abrir
Nucleihigh
DOMOS 5.5 - Local File Inclusion
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
23RIESGO
abrir
Nucleicritical
strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RIESGO
abrir
Nucleihigh
Allied Telesis AT-GS950/8 - Local File Inclusion
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] al
23RIESGO
abrir
Nucleicritical
Xfilesharing 2.5.1 - Arbitrary File Upload
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951
30RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.