Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
4190 exploits
Nucleimedium
Vite dev server - Cross-Site Scripting
Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite
28RIESGO
abrir
Nucleimedium
Python Flask-Security-Too <=5.3.2 - Open Redirect
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspectin
18RIESGO
abrir
Nucleimedium
KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive in
28RIESGO
abrir
Nucleimedium
DedeCMS v5.7.111 - Cross-Site Scripting
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component selec
18RIESGO
abrir
Nucleihigh
Citrix Bleed - Leaking Session Tokens
CVE-2023-4966CRITICALbajo ataqueransomware
Unauthenticated sensitive information disclosure
100RIESGO
abrir
Nucleimedium
Academy LMS 6.2 - Cross-Site Scripting
Academy LMS GET Parameter filter cross site scripting
23RIESGO
abrir
Nucleicritical
Academy LMS 6.2 - SQL Injection
Academy LMS GET Parameter filter sql injection
28RIESGO
abrir
Nucleicritical
ChatGPT-Next-Web - SSRF/XSS
NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting
85RIESGO
abrir
Nucleihigh
Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
41RIESGO
abrir
Nucleihigh
reNgine 2.2.0 - Command Injection
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacha
41RIESGO
abrir
Nucleimedium
Apache Solr - Host Environment Variables Leak via Metrics API
Apache Solr: Host environment variables are published via the Metrics API
40RIESGO
abrir
Nucleicritical
Mingsoft MCMS 5.2.9 - SQL Injection
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/
43RIESGO
abrir
Nucleihigh
XWiki < 4.10.15 - Sensitive Information Disclosure
XWiki Platform Solr search discloses password hashes of all users
58RIESGO
abrir
Nucleimedium
XWiki < 4.10.15 - Email Disclosure
XWiki Platform Solr search discloses email addresses of users
40RIESGO
abrir
Nucleicritical
D-Link D-View 8 v2.0.1.28 - Authentication Bypass
Authentication Bypass in D-Link D-View 8
55RIESGO
abrir
Nucleicritical
JS Help Desk <= 2.8.1 - SQL Injection
WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection
63RIESGO
abrir
Nucleimedium
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
28RIESGO
abrir
Nucleicritical
MajorDoMo thumb.php - OS Command Injection
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE:
50RIESGO
abrir
Nucleihigh
Apache OFBiz < 18.12.11 - Server Side Request Forgery
Apache OFBiz: Arbitrary file properties reading and SSRF attack
30RIESGO
abrir
Nucleicritical
Jordy Meow AI Engine - Unrestricted File Upload
WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability
75RIESGO
abrir
Nucleihigh
Gradio Hugging Face - Local File Inclusion
Make the `/file` secure against file traversal attacks
28RIESGO
abrir
Nucleimedium
Seriously Simple Podcasting < 3.0.0 - Information Disclosure
Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure
28RIESGO
abrir
Nucleihigh
Prime Mover < 1.9.3 - Sensitive Data Exposure
Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure
48RIESGO
abrir
Nucleicritical
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
CVE-2023-6549HIGHbajo ataque
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Un
78RIESGO
abrir
Nucleicritical
Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
Nucleihigh
LearnPress <= 4.2.5.7 - SQL Injection
LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by
75RIESGO
abrir
Nucleimedium
Mlflow - Cross-Site Scripting
Reflected XSS via Content-Type Header in mlflow/mlflow
28RIESGO
abrir
Nucleimedium
WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing
FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
28RIESGO
abrir
Nucleicritical
Essential Blocks < 4.4.3 - Local File Inclusion
Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
75RIESGO
abrir
Nucleicritical
LearnPress < 4.2.5.8 - Remote Code Execution
LearnPress <= 4.2.5.7 - Command Injection
56RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.