Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.294exploits catalogados
31.742CVEs con explotación pública
0probados en laboratorio
4191 exploits
Nucleicritical
MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
43RIESGO
abrir
Nucleicritical
Emby Server - Authentication Bypass
Emby Server Proxy Header Spoofing Vulnerability
43RIESGO
abrir
Nucleicritical
Old Age Home Management System v1.0 - SQL Injection
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
43RIESGO
abrir
Nucleimedium
BlogEngine CMS - Open Redirect
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
40RIESGO
abrir
Nucleihigh
Faculty Evaluation System v1.0 - SQL Injection
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
36RIESGO
abrir
Nucleihigh
Faculty Evaluation System v1.0 - Remote Code Execution
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_u
61RIESGO
abrir
Nucleimedium
LMS by Masteriyo < 1.6.8 - Information Exposure
LMS by Masteriyo < 1.6.8 - Information Exposure
18RIESGO
abrir
Nucleihigh
Jeecg P3 Biz Chat - Local File Inclusion
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
36RIESGO
abrir
Nucleihigh
Dolibarr Unauthenticated Contacts Database Theft
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's
23RIESGO
abrir
Nucleihigh
H3C Magic R300-2100M - Remote Code Execution
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at
36RIESGO
abrir
Nucleicritical
Chamilo LMS <= v1.11.20 Unauthenticated Command Injection
Chamilo LMS Unauthenticated Command Injection
55RIESGO
abrir
Nucleicritical
WAVLINK WN579X3 - Remote Command Execution
Wavlink WN579X3 Ping Test adm.cgi injection
28RIESGO
abrir
Nucleicritical
FUXA - Unauthenticated Remote Code Execution
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute
43RIESGO
abrir
Nucleihigh
Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting
58RIESGO
abrir
Nucleimedium
OpenProject < 12.5.4 - Project Identifiers Exposure
OpenProject vulnerable to project identifier information leakage through robots.txt
36RIESGO
abrir
Nucleimedium
Uncanny Toolkit for LearnDash - Open Redirection
WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability
28RIESGO
abrir
Nucleicritical
VMware vCenter Server - Out-of-Bounds Write
CVE-2023-34048CRITICALbajo ataque
VMware vCenter Server Out-of-Bounds Write Vulnerability
95RIESGO
abrir
Nucleihigh
Vite Dev Server - Information Exposure
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
36RIESGO
abrir
Nucleihigh
SRS - Command Injection
SRS has command injection vulnerability in demonstration api-server for HTTP callback.
36RIESGO
abrir
Nucleicritical
SonicWall GMS and Analytics Web Services - Shell Injection
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authenticatio
75RIESGO
abrir
Nucleihigh
SonicWall GMS and Analytics - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and
58RIESGO
abrir
Nucleicritical
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
CVE-2023-34192CRITICALbajo ataque
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary co
95RIESGO
abrir
Nucleimedium
Kyocera TASKalfa printer - Path Traversal
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read ar
40RIESGO
abrir
Nucleicritical
MOVEit Transfer - Remote Code Execution
CVE-2023-34362CRITICALbajo ataqueransomware
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir
Nucleicritical
WordPress Canto Plugin <= 3.0.4 - File Inclusion
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RIESGO
abrir
Nucleimedium
Hoteldruid 3.0.5 - Cross-Site Scripting
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected web
18RIESGO
abrir
Nucleicritical
Gibbon v25.0.0 - Local File Inclusion
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files
50RIESGO
abrir
Nucleimedium
Gibbon v25.0.0 - Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to ex
18RIESGO
abrir
Nucleicritical
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RIESGO
abrir
Nucleicritical
JeecgBoot 3.5.0 - SQL Injection
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interfac
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.