Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir ↗Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote
18RIESGO
abrir ↗Nucleihigh
MKdocs 1.2.2 - Directory Traversal
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obt
23RIESGO
abrir ↗Nucleihigh
Aurelia-Path < 1.1.7 - Prototype Pollution
Prototype pollution in aurelia-path
43RIESGO
abrir ↗Nucleimedium
Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
XSS vulnerability allowing arbitrary JavaScript execution
50RIESGO
abrir ↗Nucleimedium
Redash Setup Configuration - Default Secrets Disclosure
Insecure default configuration
36RIESGO
abrir ↗Nucleicritical
MinIO Operator Console Authentication Bypass
Authentication bypass issue in the Operator Console
48RIESGO
abrir ↗Nucleihigh
Metabase - Local File Inclusion
GeoJSON URL validation can expose server files and environment variables to unauthorized users
100RIESGO
abrir ↗Nucleihigh
pfSense - Arbitrary File Write
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data abo
40RIESGO
abrir ↗Nucleihigh
ECOA Building Automation System - Directory Traversal Content Disclosure
ECOA BAS controller - Path Traversal-1
58RIESGO
abrir ↗Nucleihigh
ECOA Building Automation System - Arbitrary File Retrieval
ECOA BAS controller - Path Traversal-3
41RIESGO
abrir ↗Nucleimedium
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
Microsoft Exchange Server Spoofing Vulnerability
70RIESGO
abrir ↗Nucleihigh
Payara Micro Community 5.2021.6 Directory Traversal
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
50RIESGO
abrir ↗Nucleicritical
QVIS NVR/DVR - Remote Code Execution
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
18RIESGO
abrir ↗Nucleimedium
FlatPress 1.2.1 - Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaS
18RIESGO
abrir ↗Nucleihigh
ECShop 4.1.0 - SQL Injection
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
18RIESGO
abrir ↗Nucleimedium
JustWriting - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow rem
18RIESGO
abrir ↗Nucleihigh
SAS/Internet 9.4 1520 - Local File Inclusion
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the app
18RIESGO
abrir ↗Nucleihigh
PuneethReddyHC action.php SQL Injection
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId
23RIESGO
abrir ↗Nucleicritical
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php c
30RIESGO
abrir ↗Nucleicritical
TP-Link - OS Command Injection
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to r
60RIESGO
abrir ↗Nucleihigh
openSIS Student Information System 8.0 SQL Injection
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TR
43RIESGO
abrir ↗Nucleicritical
CraftCMS SEOmatic - Server-Side Template Injection
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Si
23RIESGO
abrir ↗Nucleihigh
Apache 2.4.49 - Path Traversal and Remote Code Execution
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗Nucleimedium
PlaceOS 1.2109.1 - Open Redirection
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
23RIESGO
abrir ↗Nucleimedium
i-Panel Administration System 2.0 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enable
38RIESGO
abrir ↗Nucleimedium
GitLab GraphQL API User Enumeration
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Priv
70RIESGO
abrir ↗Nucleimedium
Resourcespace - Cross-Site Scripting
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_ss
40RIESGO
abrir ↗Nucleicritical
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RIESGO
abrir ↗Nucleimedium
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage
43RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.