Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a r
60RIESGO
abrir
Referência
CVE-2018-1111
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RIESGO
abrir
Referência
CVE-2018-1111
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RIESGO
abrir
Referência
CVE-2019-12989
CVE-2019-12989CRITICALbajo ataque
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
100RIESGO
abrir
Referência
CVE-2016-2004
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary cod
60RIESGO
abrir
Referência
CVE-2016-2004
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary cod
60RIESGO
abrir
Referência
CVE-2016-2004
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary cod
60RIESGO
abrir
Referência
CVE-2016-2004
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary cod
60RIESGO
abrir
Referência
CVE-2018-3245
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). S
45RIESGO
abrir
Referência
CVE-2010-4915
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL
23RIESGO
abrir
Referência
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2
60RIESGO
abrir
Referência
CVE-2020-1147
CVE-2020-1147HIGHbajo ataque
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RIESGO
abrir
Referência
CVE-2020-1147
CVE-2020-1147HIGHbajo ataque
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RIESGO
abrir
Referência
CVE-2020-1147
CVE-2020-1147HIGHbajo ataque
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RIESGO
abrir
Referência
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RIESGO
abrir
Referência
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RIESGO
abrir
Referência
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir
Referência
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir
Referência
CVE-2016-1524
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote
60RIESGO
abrir
Referência
CVE-2026-21643
CVE-2026-21643CRITICALbajo ataque
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiC
100RIESGO
abrir
Referência
CVE-2024-48248
CVE-2024-48248HIGHbajo ataque
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /
100RIESGO
abrir
Referência
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x be
60RIESGO
abrir
Referência
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x be
60RIESGO
abrir
Referência
CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RIESGO
abrir
Referência
CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RIESGO
abrir
Referência
CVE-2015-7857
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
60RIESGO
abrir
Referência
CVE-2015-7857
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
60RIESGO
abrir
Referência
CVE-2015-7857
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
60RIESGO
abrir
Referência
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
55RIESGO
abrir
Referência
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
55RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.