Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
ownCloud Phpinfo Reader
CVE-2023-49103CRITICALbajo ataque21 nov 2023
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies
100RIESGO
abrir
Metasploit600
Ray Agent Job RCE
CVE-2023-48022CRITICAL15 nov 2023
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the ve
85RIESGO
abrir
Metasploit300
Ray static arbitrary file read
CVE-2023-6020HIGH15 nov 2023
Ray Static File Local File Include
41RIESGO
abrir
Metasploit600
Ray cpu_profile command injection
CVE-2023-6019CRITICAL15 nov 2023
Ray Command Injection in cpu_profile Parameter
85RIESGO
abrir
Metasploit300
WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
CVE-2023-606314 nov 2023
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
40RIESGO
abrir
Metasploit600
GitLens Git Local Configuration Exec
CVE-2023-4694414 nov 2023
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Vis
18RIESGO
abrir
Metasploit600
WonderCMS Remote Code Execution
CVE-2023-41425MEDIUM07 nov 2023
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code
60RIESGO
abrir
Metasploit600
Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)
CVE-2023-22518CRITICALbajo ataqueransomware31 oct 2023
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authoriz
100RIESGO
abrir
Metasploit600
Apache ActiveMQ Unauthenticated Remote Code Execution
CVE-2023-46604CRITICALbajo ataqueransomware27 oct 2023
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
Metasploit600
Vinchin Backup and Recovery Command Injection
CVE-2023-45498CRITICAL26 oct 2023
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability
68RIESGO
abrir
Metasploit600
F5 BIG-IP TMUI AJP Smuggling RCE
CVE-2023-46747CRITICALbajo ataqueransomware26 oct 2023
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RIESGO
abrir
Metasploit600
Vinchin Backup and Recovery Command Injection
CVE-2023-4549926 oct 2023
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
18RIESGO
abrir
Metasploit300
Citrix ADC (NetScaler) Bleed Scanner
CVE-2023-4966CRITICALbajo ataqueransomware25 oct 2023
Unauthenticated sensitive information disclosure
100RIESGO
abrir
Metasploit600
Mirth Connect Deserialization RCE
CVE-2023-43208CRITICALbajo ataqueransomware25 oct 2023
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir
Metasploit600
Mirth Connect Deserialization RCE
CVE-2023-3767925 oct 2023
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary com
40RIESGO
abrir
Metasploit600
ISPConfig language_edit.php PHP Code Injection
CVE-2023-46818HIGH24 oct 2023
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by
41RIESGO
abrir
Metasploit300
Cisco IOX XE unauthenticated OS command execution
CVE-2023-20273HIGHbajo ataque16 oct 2023
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject c
100RIESGO
abrir
Metasploit600
Cisco IOX XE Unauthenticated RCE Chain
CVE-2023-20273HIGHbajo ataque16 oct 2023
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject c
100RIESGO
abrir
Metasploit300
Cisco IOX XE unauthenticated Command Line Interface (CLI) execution
CVE-2023-20198CRITICALbajo ataque16 oct 2023
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
Metasploit600
Cisco IOX XE Unauthenticated RCE Chain
CVE-2023-20198CRITICALbajo ataque16 oct 2023
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
Metasploit300
Cisco IOX XE unauthenticated OS command execution
CVE-2023-20198CRITICALbajo ataque16 oct 2023
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
Metasploit600
Atlassian Confluence Unauthenticated Remote Code Execution
CVE-2023-22515CRITICALbajo ataqueransomware04 oct 2023
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RIESGO
abrir
Metasploit300
Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control
CVE-2023-22515CRITICALbajo ataqueransomware04 oct 2023
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RIESGO
abrir
Metasploit600
PyTorch Model Server Registration and Deserialization RCE
CVE-2022-1471HIGH03 oct 2023
Remote Code execution in SnakeYAML
58RIESGO
abrir
Metasploit600
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
CVE-2023-4911HIGHbajo ataque03 oct 2023
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
Metasploit600
PyTorch Model Server Registration and Deserialization RCE
CVE-2023-43654CRITICAL03 oct 2023
TorchServe Server-Side Request Forgery
75RIESGO
abrir
Metasploit600
Progress Software WS_FTP Unauthenticated Remote Code Execution
CVE-2023-40044CRITICALbajo ataqueransomware27 sep 2023
WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
100RIESGO
abrir
Metasploit600
Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.
CVE-2023-52251HIGH27 sep 2023
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the
78RIESGO
abrir
Metasploit600
JetBrains TeamCity Unauthenticated Remote Code Execution
CVE-2023-42793CRITICALbajo ataqueransomware19 sep 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RIESGO
abrir
Metasploit600
Craft CMS unauthenticated Remote Code Execution (RCE)
CVE-2023-41892CRITICAL13 sep 2023
Craft CMS Remote Code Execution vulnerability
85RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.