Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleimedium
Knowage Suite 7.3 - Cross-Site Scripting
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrar
18RIESGO
abrir
Nucleicritical
VoipMonitor <24.61 - Remote Code Execution
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used,
50RIESGO
abrir
Nucleihigh
Ivanti Avalanche 6.3.2 - Local File Inclusion
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal
40RIESGO
abrir
Nucleicritical
PrestaShop 1.7.7.0 - SQL Injection
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller
23RIESGO
abrir
Nucleimedium
Microsoft Exchange Server - Cross-Site Scripting
Microsoft Exchange Server Remote Code Execution Vulnerability
50RIESGO
abrir
Nucleimedium
CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology I
23RIESGO
abrir
Nucleimedium
CHIYU TCP/IP Converter - Cross-Site Scripting
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU T
40RIESGO
abrir
Nucleicritical
Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
CVE-2021-3129CRITICALbajo ataqueransomware
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RIESGO
abrir
Nucleicritical
CentOS Web Panel - SQL Injection
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST param
23RIESGO
abrir
Nucleicritical
CentOS Web Panel - OS Command Injection
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root R
30RIESGO
abrir
Nucleihigh
Home Assistant HACS - Local File Inclusion
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks aga
18RIESGO
abrir
Nucleimedium
SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, p
18RIESGO
abrir
Nucleimedium
Akkadian Provisioning Manager - Information Disclosure
Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface
36RIESGO
abrir
Nucleimedium
BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Sof
43RIESGO
abrir
Nucleihigh
Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The
40RIESGO
abrir
Nucleimedium
WebCTRL OEM <= 6.5 - Cross-Site Scripting
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for re
43RIESGO
abrir
Nucleicritical
Tenda Router AC11 - Remote Command Injection
CVE-2021-31755CRITICALbajo ataque
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerabili
95RIESGO
abrir
Nucleicritical
Apache Struts2 S2-062 - Remote Code Execution
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.
60RIESGO
abrir
Nucleicritical
Layer5 Meshery 0.5.2 - SQL Injection
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL comman
40RIESGO
abrir
Nucleimedium
SysAid 20.4.74 - Cross-Site Scripting
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
18RIESGO
abrir
Nucleicritical
ASUS GT-AC2900 - Authentication Bypass
CVE-2021-32030CRITICALbajo ataque
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630
95RIESGO
abrir
Nucleicritical
Maian Cart <=3.8 - Remote Code Execution
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the
50RIESGO
abrir
Nucleihigh
Node RED Dashboard <2.26.2 - Local File Inclusion
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
23RIESGO
abrir
Nucleicritical
Websvn <2.6.1 - Remote Code Execution
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search paramet
60RIESGO
abrir
Nucleicritical
E-Learning System 1.0 - SQL Injection
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to exec
23RIESGO
abrir
Nucleimedium
Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect
18RIESGO
abrir
Nucleimedium
Python Flask-Security - Open Redirect
Open Redirect Vulnerability
23RIESGO
abrir
Nucleihigh
OctoberCMS - Account Takeover
CVE-2021-32648HIGHbajo ataque
Account Takeover in Octobercms
100RIESGO
abrir
Nucleicritical
elFinder 2.1.58 - Remote Code Execution
Multiple vulnerabilities leading to RCE
75RIESGO
abrir
Nucleihigh
WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection
Arbitrary SQL (SQL injection) possible via the Store API component.
61RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.