Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleimedium
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that red
18RIESGO
abrir
Nucleimedium
Grav < 1.7 - Open Redirect
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
23RIESGO
abrir
Nucleicritical
WordPress Chop Slider 3 - Blind SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RIESGO
abrir
Nucleicritical
SuperWebmailer 7.21.0.01526 - Remote Code Execution
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailing
50RIESGO
abrir
Nucleimedium
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes runn
30RIESGO
abrir
Nucleicritical
Kong Admin <=2.03 - Admin API Access
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces othe
30RIESGO
abrir
Nucleihigh
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_ga
18RIESGO
abrir
Nucleihigh
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
CVE-2020-11738HIGHbajo ataque
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RIESGO
abrir
Nucleimedium
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RIESGO
abrir
Nucleihigh
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Arbitrary code execution vulnerability on multiple Micro Focus products
58RIESGO
abrir
Nucleicritical
Micro Focus UCMDB - Remote Code Execution
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RIESGO
abrir
Nucleimedium
WordPress GTranslate <2.8.52 - Cross-Site Scripting
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflan
18RIESGO
abrir
Nucleicritical
Apache Unomi - Remote Code Execution
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the J
43RIESGO
abrir
Nucleihigh
Apache Airflow <=1.10.10 - Remote Code Execution
CVE-2020-11978HIGHbajo ataque
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RIESGO
abrir
Nucleicritical
Apache HTTP Server - Remote Code Execution
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
60RIESGO
abrir
Nucleihigh
Apache Cocoon 2.1.12 - XML Injection
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system e
40RIESGO
abrir
Nucleimedium
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also a
18RIESGO
abrir
Nucleihigh
Zoho ManageEngine OpManger - Arbitrary File Read
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attack
40RIESGO
abrir
Nucleicritical
WAVLINK WN530H4 live_api.cgi - Command Injection
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.1
60RIESGO
abrir
Nucleihigh
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030
18RIESGO
abrir
Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can
40RIESGO
abrir
Nucleimedium
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can
40RIESGO
abrir
Nucleimedium
Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page=
18RIESGO
abrir
Nucleihigh
Onkyo TX-NR585 Web Interface - Directory Traversal
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users
23RIESGO
abrir
Nucleihigh
TeamPass 2.1.27.36 - Improper Authentication
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include bac
18RIESGO
abrir
Nucleicritical
Roundcube Webmail - Command Injection
CVE-2020-12641CRITICALbajo ataque
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in
100RIESGO
abrir
Nucleicritical
vBulletin SQL Injection
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RIESGO
abrir
Nucleicritical
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RIESGO
abrir
Nucleicritical
WordPress Simple File List - Path Traversal
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files be
18RIESGO
abrir
Nucleicritical
Wavlink Multiple AP - Remote Command Injection
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands
30RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.