Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
Hestiacp <= 1.7.7 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
28RIESGO
abrir ↗Nucleihigh
Traggo Server - Local File Inclusion
Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.
18RIESGO
abrir ↗Nucleicritical
Chamilo Command Injection
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to ex
60RIESGO
abrir ↗Nucleicritical
FortiWLM - Directory Traversal
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to ex
48RIESGO
abrir ↗Nucleicritical
Fortinet FortiWLM Unauthenticated Command Injection Vulnerability
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM versio
48RIESGO
abrir ↗Nucleicritical
Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or re
100RIESGO
abrir ↗Nucleicritical
MobileIron Core - Remote Unauthenticated API Access
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted fu
100RIESGO
abrir ↗Nucleimedium
XWiki - Cross-Site Scripting
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
36RIESGO
abrir ↗Nucleimedium
XWiki >= 6.0-rc-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
43RIESGO
abrir ↗Nucleimedium
XWiki - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
43RIESGO
abrir ↗Nucleimedium
XWiki >= 3.4-milestone-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
43RIESGO
abrir ↗Nucleimedium
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
43RIESGO
abrir ↗Nucleimedium
XWiki >= 6.2-milestone-1 - Cross-Site Scripting
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
43RIESGO
abrir ↗Nucleimedium
XWiki < 14.10.5 - Cross-Site Scripting
XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template
43RIESGO
abrir ↗Nucleicritical
Citrix NetScaler ADC and NetScaler Gateway - Remote Code Execution
Unauthenticated remote code execution
100RIESGO
abrir ↗Nucleimedium
FOSSBilling < 0.5.3 - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
28RIESGO
abrir ↗Nucleicritical
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.
40RIESGO
abrir ↗Nucleicritical
DedeCMS 5.7.109 - Server-Side Request Forgery
DedeCMS co_do.php server-side request forgery
28RIESGO
abrir ↗Nucleicritical
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experi
60RIESGO
abrir ↗Nucleihigh
NocoDB version <= 0.106.1 - Arbitrary File Read
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access
56RIESGO
abrir ↗Nucleihigh
Lightdash version <= 0.510.3 Arbitrary File Read
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory trav
56RIESGO
abrir ↗Nucleicritical
Cloudpanel 2 < 2.3.1 - Remote Code Execution
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
85RIESGO
abrir ↗Nucleihigh
Intelbras Switch - Information Disclosure
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to downlo
50RIESGO
abrir ↗Nucleihigh
QloApps 1.6.0 - SQL Injection
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_p
18RIESGO
abrir ↗Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RIESGO
abrir ↗Nucleimedium
Webkul QloApps 1.6.0 - Cross-site Scripting
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a
18RIESGO
abrir ↗Nucleimedium
Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to exec
38RIESGO
abrir ↗Nucleimedium
POS Codekop v2.0 - Cross Site Scripting
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parame
38RIESGO
abrir ↗Nucleihigh
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to down
30RIESGO
abrir ↗Nucleicritical
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini document file inclusion
78RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.