Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
KiviCare WordPress Plugin - Cross-Site Scripting
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleihigh
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2
68RIESGO
abrir
Nucleihigh
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2
61RIESGO
abrir
Nucleicritical
Arcserve UDP <= 9.0.6034 - Authentication Bypass
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashSe
50RIESGO
abrir
Nucleihigh
Adobe Coldfusion - Authentication Bypass
CVE-2023-38205 issues | ColdFusion Admin Panel Access
41RIESGO
abrir
Nucleihigh
Adobe ColdFusion - Local File Read
CVE-2023-26360HIGHbajo ataque
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RIESGO
abrir
Nucleicritical
Jorani 1.0.0 - Remote Code Execution
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
60RIESGO
abrir
Nucleicritical
Weaver E-Office 9.5 - Remote Code Execution
Weaver E-Office uploadify.php unrestricted upload
33RIESGO
abrir
Nucleicritical
DCBI-Netlog-LAB v1.0 - Command Injection
An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attac
55RIESGO
abrir
Nucleimedium
ChurchCRM 4.5.3 - Cross-Site Scripting
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web scr
28RIESGO
abrir
Nucleimedium
ChurchCRM 4.5.3 - Cross-Site Scripting
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web scr
28RIESGO
abrir
Nucleimedium
ATutor < 2.2.1 - Cross Site Scripting
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows r
28RIESGO
abrir
Nucleicritical
PrestaShop AdvancedPopupCreator - SQL Injection
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the compo
43RIESGO
abrir
Nucleicritical
Jms Blog - SQL Injection
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
55RIESGO
abrir
Nucleihigh
Appwrite <=1.2.1 - Server-Side Request Forgery
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favic
48RIESGO
abrir
Nucleimedium
Request-Baskets <= 1.2.1 - Server Side Request Forgery
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baske
48RIESGO
abrir
Nucleihigh
GDidees CMS v3.9.1 - Arbitrary File Download
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RIESGO
abrir
Nucleimedium
OpenCATS - Open Redirect
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET pa
28RIESGO
abrir
Nucleicritical
MStore API <= 3.9.2 - Authentication Bypass
MStore API <= 3.9.2 - Authentication Bypass
75RIESGO
abrir
Nucleicritical
MStore API <= 3.9.1 - Authentication Bypass
MStore API <= 3.9.1 - Authentication Bypass
43RIESGO
abrir
Nucleicritical
PaperCut - Unauthenticated Remote Code Execution
CVE-2023-27350CRITICALbajo ataqueransomware
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir
Nucleihigh
PaperCut NG - Authentication Bypass
CVE-2023-27351HIGHbajo ataqueransomware
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
88RIESGO
abrir
Nucleicritical
SPIP - Remote Command Execution
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir
Nucleimedium
WordPress Core <=6.2 - Directory Traversal
WordPress Core < 6.2.1 - Directory Traversal
70RIESGO
abrir
Nucleicritical
Home Assistant Supervisor - Authentication Bypass
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for
65RIESGO
abrir
Nucleicritical
Apache Superset - Authentication Bypass
CVE-2023-27524HIGHbajo ataque
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir
Nucleicritical
Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret
Dragonfly2 vulnerable to hard coded cyptographic key
55RIESGO
abrir
Nucleimedium
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing
36RIESGO
abrir
Nucleimedium
WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
WordPress Redirect After Login Plugin <= 0.1.9 is vulnerable to Cross Site Scripting (XSS)
28RIESGO
abrir
Nucleicritical
PrestaShop `tshirtecommerce` Module - SQL Injection
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP req
43RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.