Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleimedium
Skysa App Bar 1.04 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly befor
38RIESGO
abrir ↗Nucleimedium
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress
43RIESGO
abrir ↗Nucleimedium
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.
43RIESGO
abrir ↗Nucleimedium
Featurific For WordPress 1.6.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress
38RIESGO
abrir ↗Nucleimedium
Apache Struts2 S2-008 RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RIESGO
abrir ↗Nucleimedium
Apache Struts <2.3.1.1 - Remote Code Execution
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RIESGO
abrir ↗Nucleimedium
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remo
43RIESGO
abrir ↗Nucleimedium
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows r
38RIESGO
abrir ↗Nucleimedium
phpShowtime 2.0 - Directory Traversal
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image fil
43RIESGO
abrir ↗Nucleilow
OpenEMR 4.1 - Local File Inclusion
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files v
43RIESGO
abrir ↗Nucleimedium
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary f
38RIESGO
abrir ↗Nucleihigh
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting
36RIESGO
abrir ↗Nucleihigh
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files
43RIESGO
abrir ↗Nucleihigh
PHP CGI v5.3.12/5.4.2 Remote Code Execution
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RIESGO
abrir ↗Nucleimedium
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress al
38RIESGO
abrir ↗Nucleimedium
WP-FaceThumb 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attacke
43RIESGO
abrir ↗Nucleimedium
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RIESGO
abrir ↗Nucleimedium
WebsitePanel before v1.2.2.1 - Open Redirect
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users t
38RIESGO
abrir ↗Nucleimedium
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to in
38RIESGO
abrir ↗Nucleimedium
MySQLDumper 1.24.4 - Directory Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a
38RIESGO
abrir ↗Nucleimedium
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for Wor
18RIESGO
abrir ↗Nucleimedium
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
18RIESGO
abrir ↗Nucleimedium
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attac
43RIESGO
abrir ↗Nucleimedium
FlatnuX CMS - Directory Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to r
38RIESGO
abrir ↗Nucleimedium
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inje
38RIESGO
abrir ↗Nucleimedium
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RIESGO
abrir ↗Nucleimedium
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to
38RIESGO
abrir ↗Nucleimedium
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frame
43RIESGO
abrir ↗Nucleimedium
WordPress Integrator 1.32 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allo
38RIESGO
abrir ↗Nucleimedium
WordPress Plugin Age Verification v0.4 - Open Redirect
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows
43RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.