Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleimedium
Rukovoditel <= 2.7.2 - Cross-Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticat
18RIESGO
abrir ↗Nucleicritical
CSE Bookstore 1.0 - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pub
23RIESGO
abrir ↗Nucleicritical
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalat
43RIESGO
abrir ↗Nucleimedium
Jira Server and Data Center - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
50RIESGO
abrir ↗Nucleicritical
ThemeGrill Demo Importer < 1.6.2 - Database Reset
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard
18RIESGO
abrir ↗Nucleimedium
Smartstore <4.1.0 - Open Redirect
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication,
18RIESGO
abrir ↗Nucleimedium
WordPress 15Zine <3.3.0 - Cross-Site Scripting
15Zine < 3.3.0 - Reflected Cross-Site Scripting
18RIESGO
abrir ↗Nucleicritical
Adning Advertising <= 1.5.5 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Arbitrary File Upload
43RIESGO
abrir ↗Nucleicritical
WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution
Epsilon Framework Themes (Various Versions) - Function Injection
75RIESGO
abrir ↗Nucleicritical
ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation
43RIESGO
abrir ↗Nucleihigh
ListingPro < 2.6.1 - Sensitive Data Disclosure
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure
28RIESGO
abrir ↗Nucleimedium
WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal
28RIESGO
abrir ↗Nucleihigh
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
36RIESGO
abrir ↗Nucleihigh
WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
36RIESGO
abrir ↗Nucleimedium
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
28RIESGO
abrir ↗Nucleicritical
VMware vCenter Server LDAP Broken Access Control
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RIESGO
abrir ↗Nucleicritical
IBM Data Risk Manager - Authentication Bypass via SAML
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RIESGO
abrir ↗Nucleihigh
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc
68RIESGO
abrir ↗Nucleimedium
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
38RIESGO
abrir ↗Nucleihigh
Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages an
43RIESGO
abrir ↗Nucleimedium
Next.js <9.3.2 - Local File Inclusion
Directory Traversal in Next.js versions below 9.3.2
40RIESGO
abrir ↗Nucleicritical
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username paramet
23RIESGO
abrir ↗Nucleimedium
Spring Cloud Config - Local File Inclusion
Directory Traversal with spring-cloud-config-server
30RIESGO
abrir ↗Nucleihigh
Spring Cloud Config Server - Local File Inclusion
Directory Traversal with spring-cloud-config-server
100RIESGO
abrir ↗Nucleimedium
Spring Cloud Netflix - Server-Side Request Forgery
Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
23RIESGO
abrir ↗Nucleicritical
Grandstream UCM6200 - SQL Injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RIESGO
abrir ↗Nucleihigh
SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin f
18RIESGO
abrir ↗Nucleimedium
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas appli
18RIESGO
abrir ↗Nucleihigh
MAGMI - Cross-Site Request Forgery
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is poss
23RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.