Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleimedium
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that red
18RIESGO
abrir ↗Nucleimedium
Grav < 1.7 - Open Redirect
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
23RIESGO
abrir ↗Nucleicritical
WordPress Chop Slider 3 - Blind SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RIESGO
abrir ↗Nucleicritical
SuperWebmailer 7.21.0.01526 - Remote Code Execution
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailing
50RIESGO
abrir ↗Nucleimedium
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes runn
30RIESGO
abrir ↗Nucleicritical
Kong Admin <=2.03 - Admin API Access
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces othe
30RIESGO
abrir ↗Nucleihigh
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_ga
18RIESGO
abrir ↗Nucleihigh
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RIESGO
abrir ↗Nucleimedium
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RIESGO
abrir ↗Nucleihigh
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Arbitrary code execution vulnerability on multiple Micro Focus products
58RIESGO
abrir ↗Nucleicritical
Micro Focus UCMDB - Remote Code Execution
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RIESGO
abrir ↗Nucleimedium
WordPress GTranslate <2.8.52 - Cross-Site Scripting
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflan
18RIESGO
abrir ↗Nucleicritical
Apache Unomi - Remote Code Execution
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the J
43RIESGO
abrir ↗Nucleihigh
Apache Airflow <=1.10.10 - Remote Code Execution
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RIESGO
abrir ↗Nucleicritical
Apache HTTP Server - Remote Code Execution
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
60RIESGO
abrir ↗Nucleihigh
Apache Cocoon 2.1.12 - XML Injection
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system e
40RIESGO
abrir ↗Nucleimedium
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also a
18RIESGO
abrir ↗Nucleihigh
Zoho ManageEngine OpManger - Arbitrary File Read
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attack
40RIESGO
abrir ↗Nucleicritical
WAVLINK WN530H4 live_api.cgi - Command Injection
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.1
60RIESGO
abrir ↗Nucleihigh
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030
18RIESGO
abrir ↗Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can
40RIESGO
abrir ↗Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can
40RIESGO
abrir ↗Nucleimedium
Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page=
18RIESGO
abrir ↗Nucleihigh
Onkyo TX-NR585 Web Interface - Directory Traversal
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users
23RIESGO
abrir ↗Nucleihigh
TeamPass 2.1.27.36 - Improper Authentication
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include bac
18RIESGO
abrir ↗Nucleicritical
Roundcube Webmail - Command Injection
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in
100RIESGO
abrir ↗Nucleicritical
vBulletin SQL Injection
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RIESGO
abrir ↗Nucleicritical
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RIESGO
abrir ↗Nucleicritical
WordPress Simple File List - Path Traversal
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files be
18RIESGO
abrir ↗Nucleicritical
Wavlink Multiple AP - Remote Command Injection
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands
30RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.