Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)
CVE-2021-34621CRITICAL31 ago 2021
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
75RIESGO
abrir
Exploit-DB
Strapi 3.0.0-beta - Set Password (Unauthenticated)
CVE-2019-1881830 ago 2021
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RIESGO
abrir
Exploit-DB
Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2019-1960930 ago 2021
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin c
35RIESGO
abrir
Exploit-DB
HP OfficeJet 4630/7110 MYM1FN2025AR/2117A - Stored Cross-Site Scripting (XSS)
CVE-2021-344125 ago 2021
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross
23RIESGO
abrir
Exploit-DB
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
CVE-2006-123618 ago 2021
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrar
28RIESGO
abrir
Exploit-DB
SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
CVE-2020-514717 ago 2021
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to
23RIESGO
abrir
Exploit-DB
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
CVE-2021-3742512 ago 2021
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workfl
35RIESGO
abrir
Exploit-DB
Xiaomi browser 10.2.4.g - Browser Search History Disclosure
CVE-2018-2052310 ago 2021
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider
28RIESGO
abrir
Exploit-DB
Amica Prodigy 1.7 - Privilege Escalation
CVE-2021-3531210 ago 2021
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Serv
23RIESGO
abrir
Exploit-DB
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
CVE-2020-3584810 ago 2021
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
60RIESGO
abrir
Exploit-DB
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
CVE-2020-3584710 ago 2021
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RIESGO
abrir
Exploit-DB
CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-3665405 ago 2021
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while
23RIESGO
abrir
Exploit-DB
qdPM 9.1 - Remote Code Execution (Authenticated)
CVE-2020-724604 ago 2021
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RIESGO
abrir
Exploit-DB
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
CVE-2020-949604 ago 2021
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RIESGO
abrir
Exploit-DB
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF)
CVE-2021-2999529 jul 2021
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute
23RIESGO
abrir
Exploit-DB
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
CVE-2021-2214626 jul 2021
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters.
28RIESGO
abrir
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution (2)
CVE-2020-1147HIGHbajo ataque23 jul 2021
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RIESGO
abrir
Exploit-DB
ElasticSearch 7.13.3 - Memory disclosure
CVE-2021-2214523 jul 2021
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RIESGO
abrir
Exploit-DB
Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
CVE-2021-3176120 jul 2021
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's ru
35RIESGO
abrir
Exploit-DB
WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
CVE-2020-601019 jul 2021
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RIESGO
abrir
Exploit-DB
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection
CVE-2021-3759319 jul 2021
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQ
23RIESGO
abrir
Exploit-DB
Aruba Instant 8.7.1.0 - Arbitrary File Modification
CVE-2021-2515516 jul 2021
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
28RIESGO
abrir
Exploit-DB
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-35464CRITICALbajo ataqueransomware16 jul 2021
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pa
100RIESGO
abrir
Exploit-DB
Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
CVE-2021-22555HIGHbajo ataque15 jul 2021
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RIESGO
abrir
Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
CVE-2021-2515915 jul 2021
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
28RIESGO
abrir
Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
CVE-2021-2516115 jul 2021
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in ve
43RIESGO
abrir
Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
CVE-2021-2515515 jul 2021
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
28RIESGO
abrir
Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
CVE-2021-2515815 jul 2021
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s
35RIESGO
abrir
Exploit-DB
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-42362HIGH15 jul 2021
WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
78RIESGO
abrir
Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
CVE-2021-2516015 jul 2021
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.