Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
GitLab CE/EE < 16.7.2 - Password Reset
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RIESGO
abrir ↗Exploit-DB
SolarView Compact 6.00 - Command Injection
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
85RIESGO
abrir ↗Exploit-DB
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
100RIESGO
abrir ↗Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
Viessmann Vitogate 300 direct request
38RIESGO
abrir ↗Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insuf
41RIESGO
abrir ↗Exploit-DB
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password
70RIESGO
abrir ↗Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RIESGO
abrir ↗Exploit-DB
KiTTY 0.76.1.13 - Command Injection
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insuffic
41RIESGO
abrir ↗Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to
46RIESGO
abrir ↗Exploit-DB
DataCube3 v1.0 - Unrestricted file upload 'RCE'
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An una
53RIESGO
abrir ↗Exploit-DB
Hide My WP < 6.2.9 - Unauthenticated SQLi
Hide My WP < 6.2.9 - Unauthenticated SQLi
48RIESGO
abrir ↗Exploit-DB
Ladder v0.0.21 - Server-side request forgery (SSRF)
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request
41RIESGO
abrir ↗Exploit-DB
Akaunting < 3.1.3 - RCE
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company loc
60RIESGO
abrir ↗Exploit-DB
Numbas < v7.3 - Remote Code Execution
Numbas editor before 7.3 mishandles editing of themes and extensions.
38RIESGO
abrir ↗Exploit-DB
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RIESGO
abrir ↗Exploit-DB
Petrol Pump Management Software v.1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a c
53RIESGO
abrir ↗Exploit-DB
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a cra
53RIESGO
abrir ↗Exploit-DB
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code
33RIESGO
abrir ↗Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only a
41RIESGO
abrir ↗Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext password
75RIESGO
abrir ↗Exploit-DB
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /d
41RIESGO
abrir ↗Exploit-DB
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page
33RIESGO
abrir ↗Exploit-DB
Media Library Assistant Wordpress Plugin - RCE and LFI
Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
85RIESGO
abrir ↗Exploit-DB
Clcknshop 1.0.0 - SQL Injection
Infosoftbd Clcknshop GET Parameter all sql injection
45RIESGO
abrir ↗Exploit-DB
Cacti 1.2.24 - Authenticated command injection when using SNMP options
Authenticated command injection in SNMP options of a Device
63RIESGO
abrir ↗Exploit-DB
BoidCMS v2.0.0 - authenticated file upload vulnerability
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header t
50RIESGO
abrir ↗Exploit-DB
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
41RIESGO
abrir ↗Exploit-DB
Splunk 9.0.5 - admin account take over
‘edit_user’ Capability Privilege Escalation
78RIESGO
abrir ↗Exploit-DB
Minio 2022-07-29T19-40-48Z - Path traversal
Authenticated requests for server update admin API allows path traversal in minio
53RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.