Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleicritical
WordPress My Calendar <3.4.22 - SQL Injection
The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in th
48RIESGO
abrir ↗Nucleimedium
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site Scripting in Alkacon Software OpenCms
28RIESGO
abrir ↗Nucleimedium
WordPress Toolbar <= 2.2.6 - Open Redirect
WordPress Toolbar <= 2.2.6 - Open Redirect
33RIESGO
abrir ↗Nucleimedium
WordPress Download Manager - File Password Exposure
Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak
36RIESGO
abrir ↗Nucleihigh
SolarWinds Security Event Manager - Unauthenticated RCE
SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
78RIESGO
abrir ↗Nucleicritical
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
43RIESGO
abrir ↗Nucleicritical
Arcserve Unified Data Protection - Authentication Bypass
Authentication Bypass via wizardLogin in Arcserve Unified Data Protection
43RIESGO
abrir ↗Nucleihigh
Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
Unauthenticated DoS in Arcserve Unified Data Protection
48RIESGO
abrir ↗Nucleimedium
Combo Blocks < 2.2.76 - Improper Access Control
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
33RIESGO
abrir ↗Nucleicritical
Smart S210 Management Platform - Arbitary File Upload
Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload
40RIESGO
abrir ↗Nucleimedium
Issabel Authenticated - Remote Code Execution
Issabel PBX Asterisk-Cli os command injection
40RIESGO
abrir ↗Nucleicritical
CodeChecker <= 6.24.1 - Authentication Bypass
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
55RIESGO
abrir ↗Nucleimedium
Simple File List < 6.1.13 - Reflected Cross-Site Scripting
Simple File List < 6.1.13 - Reflected Cross-Site Scripting
28RIESGO
abrir ↗Nucleihigh
Simple Certain Time to Show Content - Cross-Site Scripting
Simple Certain Time to Show Content < 1.3.1 - Reflected XSS
36RIESGO
abrir ↗Nucleicritical
Rebuild <= 3.5.5 - Server-Side Request Forgery
Rebuild HTTP Request readRawText server-side request forgery
40RIESGO
abrir ↗Nucleihigh
Tutor LMS <= 2.7.6 - SQL Injection
Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter
78RIESGO
abrir ↗Nucleimedium
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
28RIESGO
abrir ↗Nucleihigh
Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
36RIESGO
abrir ↗Nucleicritical
Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source
63RIESGO
abrir ↗Nucleicritical
WordPress HTML5 Video Player - SQL Injection
The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerabilit
41RIESGO
abrir ↗Nucleimedium
System Dashboard < 2.8.15 - Admin+ Path Traversal
System Dashboard < 2.8.15 - Admin+ Path Traversal
28RIESGO
abrir ↗Nucleicritical
WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi
85RIESGO
abrir ↗Nucleicritical
WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion
Campress <= 1.35 - Unauthenticated Local File Inclusion
43RIESGO
abrir ↗Nucleihigh
WordPress Plugin MainWP Child - Authentication Bypass
MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation
36RIESGO
abrir ↗Nucleimedium
GPT Academic v1.3.9 - Open Redirect
Open Redirect in binary-husky/gpt_academic
28RIESGO
abrir ↗Nucleicritical
D-Link NAS - Command Injection via Name Parameter
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RIESGO
abrir ↗Nucleicritical
D-Link NAS - Command Injection via Group Parameter
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.