Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.1
48RIESGO
abrir ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
55RIESGO
abrir ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RIESGO
abrir ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RIESGO
abrir ↗Nucleicritical
Advantech R-SeeNet 2.4.12 - OS Command Injection
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.
55RIESGO
abrir ↗Nucleimedium
D-Link DIR-3040 1.13B03 - Information Disclosure
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially craft
40RIESGO
abrir ↗Nucleicritical
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix Prem
55RIESGO
abrir ↗Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RIESGO
abrir ↗Nucleimedium
VMware vSphere - Server-Side Request Forgery
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of UR
100RIESGO
abrir ↗Nucleihigh
vRealize Operations Manager API - Server-Side Request Forgery
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RIESGO
abrir ↗Nucleicritical
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RIESGO
abrir ↗Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
100RIESGO
abrir ↗Nucleicritical
VMware vCenter Server - Arbitrary File Upload
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RIESGO
abrir ↗Nucleimedium
vCenter Server - Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A mali
70RIESGO
abrir ↗Nucleihigh
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to exe
23RIESGO
abrir ↗Nucleihigh
VMWare Workspace ONE UEM - Server-Side Request Forgery
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and
100RIESGO
abrir ↗Nucleimedium
FortiWeb - Cross Site Scripting
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version
23RIESGO
abrir ↗Nucleimedium
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RIESGO
abrir ↗Nucleihigh
GitLab CI Lint API - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af
70RIESGO
abrir ↗Nucleicritical
GitLab CE/EE - Remote Code Execution
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RIESGO
abrir ↗Nucleihigh
Gitlab CE/EE 10.5 - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE
53RIESGO
abrir ↗Nucleicritical
Micro Focus Operations Bridge Reporter - Remote Code Execution
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RIESGO
abrir ↗Nucleicritical
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to
30RIESGO
abrir ↗Nucleimedium
Revive Adserver <5.1.0 - Open Redirect
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg
50RIESGO
abrir ↗Nucleimedium
Ruby on Rails - Open Redirect via Host Header Injection
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Sp
40RIESGO
abrir ↗Nucleicritical
Rocket.Chat <=3.13 - NoSQL Injection
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir ↗Nucleicritical
F5 iControl REST - Remote Command Execution
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RIESGO
abrir ↗Nucleimedium
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (
23RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.