Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleihigh
Odoo Apps - Cross-Site Scripting via Prototype Pollution
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a m
18RIESGO
abrir ↗Nucleicritical
Buffalo WSR-2533DHPL2 - Path Traversal
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3
95RIESGO
abrir ↗Nucleihigh
Buffalo WSR-2533DHPL2 - Configuration File Injection
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not pr
18RIESGO
abrir ↗Nucleihigh
Buffalo WSR-2533DHPL2 - Improper Access Control
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not pr
18RIESGO
abrir ↗Nucleihigh
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the
18RIESGO
abrir ↗Nucleihigh
Draytek VigorConnect 1.6.0-B - Local File Inclusion
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the D
88RIESGO
abrir ↗Nucleihigh
Draytek VigorConnect 6.0-B3 - Local File Inclusion
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the W
78RIESGO
abrir ↗Nucleimedium
Gryphon Tower - Cross-Site Scripting
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the
18RIESGO
abrir ↗Nucleimedium
Trendnet AC2600 TEW-827DRU - Credentials Disclosure
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authe
30RIESGO
abrir ↗Nucleicritical
Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauth
23RIESGO
abrir ↗Nucleihigh
Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable
18RIESGO
abrir ↗Nucleimedium
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
30RIESGO
abrir ↗Nucleicritical
Acmailer - Improper Access Control to OS Command Injection
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows
18RIESGO
abrir ↗Nucleimedium
WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject
18RIESGO
abrir ↗Nucleicritical
MovableType - Remote Command Injection
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RIESGO
abrir ↗Nucleimedium
Adobe ColdFusion - Cross-Site Scripting
ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
40RIESGO
abrir ↗Nucleihigh
MinIO Browser API - Server-Side Request Forgery
Server-Side Request Forgery in MinIO Browser API
41RIESGO
abrir ↗Nucleihigh
Node.JS System Information Library <5.3.1 - Remote Command Injection
Command Injection Vulnerability
100RIESGO
abrir ↗Nucleicritical
XStream < 1.4.16 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
50RIESGO
abrir ↗Nucleicritical
Oracle WebLogic Server - Remote Code Execution
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Suppor
43RIESGO
abrir ↗Nucleicritical
XStream <1.4.16 - Remote Code Execution
XStream is vulnerable to an Arbitrary Code Execution attack
50RIESGO
abrir ↗Nucleihigh
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
BuddyPress privilege escalation via REST API
61RIESGO
abrir ↗Nucleimedium
Jellyfin <10.7.0 - Local File Inclusion
Unauthenticated Arbitrary File Access in Jellyfin
78RIESGO
abrir ↗Nucleicritical
SCIMono <0.0.19 - Remote Code Execution
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availabi
41RIESGO
abrir ↗Nucleimedium
ZTE MF971R - Referer authentication bypass
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use th
30RIESGO
abrir ↗Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (2
48RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.