Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.294exploits catalogados
31.742CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.888GitHub PoC 13.184VulnCheck XDB 8100Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4191 exploits
Nucleicritical
MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
43RIESGO
abrir ↗Nucleicritical
Emby Server - Authentication Bypass
Emby Server Proxy Header Spoofing Vulnerability
43RIESGO
abrir ↗Nucleicritical
Old Age Home Management System v1.0 - SQL Injection
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
43RIESGO
abrir ↗Nucleimedium
BlogEngine CMS - Open Redirect
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
40RIESGO
abrir ↗Nucleihigh
Faculty Evaluation System v1.0 - SQL Injection
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
36RIESGO
abrir ↗Nucleihigh
Faculty Evaluation System v1.0 - Remote Code Execution
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_u
61RIESGO
abrir ↗Nucleimedium
LMS by Masteriyo < 1.6.8 - Information Exposure
LMS by Masteriyo < 1.6.8 - Information Exposure
18RIESGO
abrir ↗Nucleihigh
Jeecg P3 Biz Chat - Local File Inclusion
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
36RIESGO
abrir ↗Nucleihigh
Dolibarr Unauthenticated Contacts Database Theft
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's
23RIESGO
abrir ↗Nucleihigh
H3C Magic R300-2100M - Remote Code Execution
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at
36RIESGO
abrir ↗Nucleicritical
Chamilo LMS <= v1.11.20 Unauthenticated Command Injection
Chamilo LMS Unauthenticated Command Injection
55RIESGO
abrir ↗Nucleicritical
WAVLINK WN579X3 - Remote Command Execution
Wavlink WN579X3 Ping Test adm.cgi injection
28RIESGO
abrir ↗Nucleicritical
FUXA - Unauthenticated Remote Code Execution
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute
43RIESGO
abrir ↗Nucleihigh
Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting
58RIESGO
abrir ↗Nucleimedium
OpenProject < 12.5.4 - Project Identifiers Exposure
OpenProject vulnerable to project identifier information leakage through robots.txt
36RIESGO
abrir ↗Nucleimedium
Uncanny Toolkit for LearnDash - Open Redirection
WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability
28RIESGO
abrir ↗Nucleicritical
VMware vCenter Server - Out-of-Bounds Write
VMware vCenter Server Out-of-Bounds Write Vulnerability
95RIESGO
abrir ↗Nucleihigh
Vite Dev Server - Information Exposure
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
36RIESGO
abrir ↗Nucleihigh
SRS - Command Injection
SRS has command injection vulnerability in demonstration api-server for HTTP callback.
36RIESGO
abrir ↗Nucleicritical
SonicWall GMS and Analytics Web Services - Shell Injection
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authenticatio
75RIESGO
abrir ↗Nucleihigh
SonicWall GMS and Analytics - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and
58RIESGO
abrir ↗Nucleicritical
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary co
95RIESGO
abrir ↗Nucleimedium
Kyocera TASKalfa printer - Path Traversal
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read ar
40RIESGO
abrir ↗Nucleicritical
MOVEit Transfer - Remote Code Execution
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir ↗Nucleicritical
WordPress Canto Plugin <= 3.0.4 - File Inclusion
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RIESGO
abrir ↗Nucleimedium
Hoteldruid 3.0.5 - Cross-Site Scripting
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected web
18RIESGO
abrir ↗Nucleicritical
Gibbon v25.0.0 - Local File Inclusion
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files
50RIESGO
abrir ↗Nucleimedium
Gibbon v25.0.0 - Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to ex
18RIESGO
abrir ↗Nucleicritical
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RIESGO
abrir ↗Nucleicritical
JeecgBoot 3.5.0 - SQL Injection
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interfac
23RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.