Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleimedium
MicroStrategy Library <11.1.3 - Cross-Site Scripting
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
18RIESGO
abrir
Nucleimedium
Cisco RV110W RV130W RV215W Router - Information leakage
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
40RIESGO
abrir
Nucleimedium
WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index
18RIESGO
abrir
Nucleimedium
Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker ca
43RIESGO
abrir
Nucleilow
Huawei Firewall - Local File Inclusion
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100,
18RIESGO
abrir
Nucleimedium
Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
Cisco Small Business Series Switches Open Redirect Vulnerability
53RIESGO
abrir
Nucleicritical
Citrix ADC and Gateway - Directory Traversal
CVE-2019-19781CRITICALbajo ataqueransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir
Nucleihigh
TOTOLINK/Realtek Routers - Information Disclosure
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attacker
18RIESGO
abrir
Nucleihigh
TOTOLINK/Realtek Routers - Information Disclosure
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext admin
18RIESGO
abrir
Nucleihigh
TOTOLINK Realtek SD Routers - Remote Command Injection
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCm
23RIESGO
abrir
Nucleicritical
TOTOLINK/Realtek Routers - CAPTCHA Bypass
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"}
23RIESGO
abrir
Nucleimedium
phpMyChat-Plus 1.98 - Cross-Site Scripting
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the
23RIESGO
abrir
Nucleimedium
WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file downloa
70RIESGO
abrir
Nucleihigh
TVT NVMS 1000 - Local File Inclusion
CVE-2019-20085HIGHbajo ataque
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RIESGO
abrir
Nucleimedium
WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q paramete
18RIESGO
abrir
Nucleihigh
Simple Employee Records System 1.0 - Unrestricted File Upload
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension
18RIESGO
abrir
Nucleimedium
WordPress CTHthemes - Cross-Site Scripting
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflecte
18RIESGO
abrir
Nucleihigh
Pandora FMS 7.0NG - Remote Command Injection
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary O
30RIESGO
abrir
Nucleicritical
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attack
18RIESGO
abrir
Nucleicritical
InfluxDB <1.7.6 - Authentication Bypass
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.
50RIESGO
abrir
Nucleicritical
Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update
Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update
43RIESGO
abrir
Nucleihigh
Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting
Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting
36RIESGO
abrir
Nucleicritical
WordPress Advanced Access Manager - Path Traversal
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read
43RIESGO
abrir
Nucleihigh
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure
41RIESGO
abrir
Nucleihigh
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The suppo
40RIESGO
abrir
Nucleimedium
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The suppo
18RIESGO
abrir
Nucleimedium
Oracle Business Intelligence - Path Traversal
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publi
50RIESGO
abrir
Nucleihigh
Oracle Business Intelligence/XML Publisher - XML External Entity Injection
CVE-2019-2616HIGHbajo ataque
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publi
100RIESGO
abrir
Nucleicritical
Oracle WebLogic Server - Remote Command Execution
CVE-2019-2725HIGHbajo ataqueransomware
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RIESGO
abrir
Nucleicritical
Oracle WebLogic Server Administration Console - Remote Code Execution
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
85RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.