Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleimedium
Joomla! ChronoForums 2.0.11 - Local File Inclusion
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
18RIESGO
abrir ↗Nucleicritical
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server Remote Code Execution Vulnerability
85RIESGO
abrir ↗Nucleicritical
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server Remote Code Execution Vulnerability
55RIESGO
abrir ↗Nucleicritical
QNAP HBS 3 - Broken Access Control
Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
95RIESGO
abrir ↗Nucleicritical
Netmask NPM Package - Server-Side Request Forgery
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attacke
23RIESGO
abrir ↗Nucleihigh
Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) conta
18RIESGO
abrir ↗Nucleimedium
rConfig 3.9.6 - Local File Inclusion
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any
18RIESGO
abrir ↗Nucleihigh
LDAP Injection In OpenAM
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacke
60RIESGO
abrir ↗Nucleicritical
Apache OFBiz < 17.12.07 - Arbitrary Code Execution
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
30RIESGO
abrir ↗Nucleicritical
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infr
30RIESGO
abrir ↗Nucleimedium
Jellyfin 10.7.2 - Server Side Request Forgery
Unauthenticated GET requests through Remote Image endpoints
40RIESGO
abrir ↗Nucleihigh
XStream <1.4.17 - Remote Code Execution
XStream is vulnerable to a Remote Command Execution attack
58RIESGO
abrir ↗Nucleimedium
Seo Panel 4.8.0 - Cross-Site Scripting
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
18RIESGO
abrir ↗Nucleimedium
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
18RIESGO
abrir ↗Nucleicritical
Laminas Project laminas-http - Remote Code Execution
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead
60RIESGO
abrir ↗Nucleicritical
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
95RIESGO
abrir ↗Nucleicritical
Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution
Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
55RIESGO
abrir ↗Nucleicritical
Apache OFBiz <17.12.07 - Arbitrary Code Execution
Unsafe deserialization in Apache OFBiz
60RIESGO
abrir ↗Nucleimedium
Php-mod/curl Library <2.3.2 - Cross-Site Scripting
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key paramet
28RIESGO
abrir ↗Nucleimedium
Sidekiq <=6.2.0 - Cross-Site Scripting
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explore
18RIESGO
abrir ↗Nucleihigh
Intelbras WIN 300/WRN 342 - Credentials Disclosure
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover creden
30RIESGO
abrir ↗Nucleicritical
ZEROF Web Server 1.0 - SQL Injection
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
18RIESGO
abrir ↗Nucleicritical
IPeakCMS 3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the
43RIESGO
abrir ↗Nucleihigh
ffay lanproxy Directory Traversal
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection t
23RIESGO
abrir ↗Nucleihigh
Dzzoffice 2.02.1 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.