Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
OpenTSDB 2.4.1 unauthenticated command injection
CVE-2023-25826CRITICAL01 jul 2023
Remote Code Execution in OpenTSDB
75RIESGO
abrir
Metasploit600
OpenNMS Horizon Authenticated RCE
CVE-2023-0872HIGH01 jul 2023
ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users
36RIESGO
abrir
Metasploit600
OpenNMS Horizon Authenticated RCE
CVE-2023-40315MEDIUM01 jul 2023
ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN
28RIESGO
abrir
Metasploit600
MagnusBilling application unauthenticated Remote Command Execution.
CVE-2023-30258CRITICAL26 jun 2023
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RIESGO
abrir
Metasploit600
Rudder Server SQLI Remote Code Execution
CVE-2023-30625HIGH16 jun 2023
rudder-server vulnerable to SQL Injection
58RIESGO
abrir
Metasploit600
Apache NiFi H2 Connection String Remote Code Execution
CVE-2023-34468HIGH12 jun 2023
Apache NiFi: Potential Code Injection with Database Services using H2
48RIESGO
abrir
Metasploit300
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
CVE-2023-0342LOW09 jun 2023
MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive
23RIESGO
abrir
Metasploit600
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
CVE-2023-20887CRITICALbajo ataque07 jun 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware
100RIESGO
abrir
Metasploit600
Ivanti EPM Agent Portal Command Execution
CVE-2023-28324HIGH07 jun 2023
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege es
41RIESGO
abrir
Metasploit600
CmsMadeSimple Authenticated File Manager RCE
CVE-2023-3696907 jun 2023
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
30RIESGO
abrir
Metasploit600
Chamilo unauthenticated command injection in PowerPoint upload
CVE-2023-3496001 jun 2023
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to ex
60RIESGO
abrir
Metasploit600
Splunk "edit_user" Capability Privilege Escalation
CVE-2023-32707HIGH01 jun 2023
‘edit_user’ Capability Privilege Escalation
78RIESGO
abrir
Metasploit600
Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode
CVE-2023-206831 may 2023
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
50RIESGO
abrir
Metasploit600
MOVEit SQL Injection vulnerability
CVE-2023-34362CRITICALbajo ataqueransomware31 may 2023
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir
Metasploit600
Dolibarr ERP/CRM Authenticated Code Injection
CVE-2023-30253HIGH29 may 2023
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instea
58RIESGO
abrir
Metasploit600
Openfire authentication bypass with RCE plugin
CVE-2023-32315HIGHbajo ataque26 may 2023
Openfire administration console authentication bypass
100RIESGO
abrir
Metasploit600
Apache RocketMQ update config RCE
CVE-2023-33246CRITICALbajo ataque23 may 2023
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RIESGO
abrir
Metasploit300
GitLab Authenticated File Read
CVE-2023-2825CRITICAL23 may 2023
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RIESGO
abrir
Metasploit600
Barracuda ESG TAR Filename Command Injection
CVE-2023-2868CRITICALbajo ataque23 may 2023
Remote Code injection in Barracuda Email Security Gateway
100RIESGO
abrir
Metasploit600
Delta Electronics InfraSuite Device Master Deserialization
CVE-2023-1133CRITICAL17 may 2023
CVE-2023-1133
75RIESGO
abrir
Metasploit600
SolarView Compact unauthenticated remote command execution vulnerability.
CVE-2023-23333CRITICAL15 may 2023
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RIESGO
abrir
Metasploit600
TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
CVE-2023-30013CRITICAL05 may 2023
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/s
68RIESGO
abrir
Metasploit600
Sharepoint Dynamic Proxy Generator Unauth RCE
CVE-2023-24955HIGHbajo ataqueransomware01 may 2023
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
Sharepoint Dynamic Proxy Generator Unauth RCE
CVE-2023-29357CRITICALbajo ataqueransomware01 may 2023
Microsoft SharePoint Server Elevation of Privilege Vulnerability
100RIESGO
abrir
Metasploit300
Apache Superset Signed Cookie Priv Esc
CVE-2023-27524HIGHbajo ataque25 abr 2023
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir
Metasploit600
invscout RPM Privilege Escalation
CVE-2023-28528HIGH24 abr 2023
IBM AIX command execution
36RIESGO
abrir
Metasploit600
Ivanti Avalanche FileStoreConfig File Upload
CVE-2023-28128HIGH24 abr 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could
58RIESGO
abrir
Metasploit300
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
CVE-2023-26876HIGH21 abr 2023
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via t
36RIESGO
abrir
Metasploit600
ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection
CVE-2023-29084HIGH12 abr 2023
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy setti
58RIESGO
abrir
Metasploit300
CVE-2023-21554 - QueueJumper - MSMQ RCE Check
CVE-2023-21554CRITICAL11 abr 2023
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
85RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.