Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4190 exploits
Nucleimedium
CopyParty v1.8.6 - Cross Site Scripting
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RIESGO
abrir ↗Nucleicritical
Metabase < 0.46.6.1 - Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RIESGO
abrir ↗Nucleimedium
PHP Login System 2.0.1 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to ex
18RIESGO
abrir ↗Nucleihigh
openSIS v9.0 - Path Traversal
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a direc
18RIESGO
abrir ↗Nucleihigh
ZKTeco BioTime v8.5.5 - Path Traversal
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbit
100RIESGO
abrir ↗Nucleihigh
ZKTeco BioTime <= 9.0.1 - Privilege Escalation
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due
36RIESGO
abrir ↗Nucleimedium
Academy LMS 6.0 - Cross-Site Scripting
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
18RIESGO
abrir ↗Nucleicritical
Jeecg-Boot v3.5.1 - SQL Injection
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeD
40RIESGO
abrir ↗Nucleimedium
OPNsense - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition
18RIESGO
abrir ↗Nucleicritical
OPNsense - Cross-Site Scripting to RCE
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 al
18RIESGO
abrir ↗Nucleihigh
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RIESGO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Fun
18RIESGO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Fun
18RIESGO
abrir ↗Nucleihigh
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPa
18RIESGO
abrir ↗Nucleihigh
Emlog 2.1.9 - SQL Injection
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
18RIESGO
abrir ↗Nucleihigh
Aria2 WebUI - Path traversal
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
18RIESGO
abrir ↗Nucleicritical
PaperCut < 22.1.3 - Path Traversal
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete
85RIESGO
abrir ↗Nucleimedium
Blog2Social < 7.2.1 - Cross-Site Scripting
Blog2Social < 7.2.1 - Reflected XSS
28RIESGO
abrir ↗Nucleicritical
Cacti 1.2.24 - SQL Injection
Unauthenticated SQL Injection in graph_view.php in Cacti
85RIESGO
abrir ↗Nucleicritical
ECTouch v2 - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\inse
18RIESGO
abrir ↗Nucleimedium
IceWarp Email Client - Cross Site Scripting
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitra
18RIESGO
abrir ↗Nucleimedium
IceWarp 11.4.6.0 - Cross-Site Scripting
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
18RIESGO
abrir ↗Nucleicritical
PrestaShop Theme Volty CMS Blog - SQL Injection
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter a
18RIESGO
abrir ↗Nucleimedium
PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerabi
18RIESGO
abrir ↗Nucleihigh
PrestaShop MyPrestaModules - PhpInfo Disclosure
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInf
30RIESGO
abrir ↗Nucleimedium
IceWarp Mail Server v10.4.5 - Cross-Site Scripting
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color
18RIESGO
abrir ↗Nucleicritical
WBCE 1.6.0 - SQL Injection
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute
18RIESGO
abrir ↗Nucleimedium
Mingsoft MCMS < 5.3.1 - Cross-Site Scripting
Mingsoft MCMS HTTP POST Request search.do cross site scripting
23RIESGO
abrir ↗Nucleihigh
LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS
WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerability
68RIESGO
abrir ↗Nucleicritical
WS_FTP Server - Insecure Deserialization
WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.