Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleicritical
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharac
50RIESGO
abrir
Nucleihigh
KONGA 0.14.9 - Privilege Escalation
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to pri
18RIESGO
abrir
Nucleicritical
Sitecore Experience Platform Pre-Auth RCE
CVE-2021-42237CRITICALbajo ataqueransomware
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it
100RIESGO
abrir
Nucleicritical
BillQuick Web Suite SQL Injection
CVE-2021-42258CRITICALbajo ataqueransomware
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution
95RIESGO
abrir
Nucleihigh
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion
WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion
36RIESGO
abrir
Nucleimedium
NetBiblio WebOPAC - Cross-Site Scripting
Reflected XSS in NetBiblio WebOPAC search functionality
28RIESGO
abrir
Nucleimedium
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
38RIESGO
abrir
Nucleimedium
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
38RIESGO
abrir
Nucleimedium
Apereo CAS Cross-Site Scripting
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
18RIESGO
abrir
Nucleicritical
D-Link DIR-615 - Unauthorized Access
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without auth
30RIESGO
abrir
Nucleimedium
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via th
18RIESGO
abrir
Nucleicritical
Online Event Booking and Reservation System 2.3.0 - SQL Injection
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-manag
23RIESGO
abrir
Nucleicritical
TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
30RIESGO
abrir
Nucleimedium
Fortinet FortiMail 7.0.1 - Cross-Site Scripting
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0
53RIESGO
abrir
Nucleihigh
Pre-Auth Takeover of Build Pipelines in GoCD
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default,
43RIESGO
abrir
Nucleicritical
Studio-42 elFinder <2.1.60 - Arbitrary File Upload
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remot
30RIESGO
abrir
Nucleihigh
AlquistManager Local File Inclusion
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnera
18RIESGO
abrir
Nucleihigh
Clustering Local File Inclusion
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vuln
23RIESGO
abrir
Nucleicritical
Sourcecodester Simple Client Management System 1.0 - SQL Injection
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login
18RIESGO
abrir
Nucleimedium
Atmail 6.5.0 - Cross-Site Scripting
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default U
18RIESGO
abrir
Nucleimedium
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remot
18RIESGO
abrir
Nucleihigh
kkFileview v4.0.0 - Local File Inclusion
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file l
23RIESGO
abrir
Nucleicritical
WordPress Automatic Plugin - Unauthenticated Options Change
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RIESGO
abrir
Nucleihigh
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
Path traversal in GLPI barcode plugin
75RIESGO
abrir
Nucleihigh
Grafana v8.x - Arbitrary File Read
CVE-2021-43798HIGHbajo ataque
Grafana path traversal
100RIESGO
abrir
Nucleicritical
Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update
Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update
43RIESGO
abrir
Nucleimedium
Admidio - Cross-Site Scripting
Cross-site Scripting (XSS) when redirect an url
36RIESGO
abrir
Nucleihigh
Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio interface
36RIESGO
abrir
Nucleicritical
Zoho ManageEngine ServiceDesk Plus - Remote Code Execution
CVE-2021-44077CRITICALbajo ataque
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RIESGO
abrir
Nucleihigh
Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remo
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.