Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Froxlor Log Path RCE
CVE-2023-0315HIGH29 ene 2023
Command Injection in froxlor/froxlor
78RIESGO
abrir
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31704CRITICAL24 ene 2023
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely
85RIESGO
abrir
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31711MEDIUM24 ene 2023
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sen
53RIESGO
abrir
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31706CRITICAL24 ene 2023
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject fi
85RIESGO
abrir
Metasploit600
Sudoedit Extra Arguments Priv Esc
CVE-2023-22809HIGH18 ene 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RIESGO
abrir
Metasploit600
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
CVE-2023-21839HIGHbajo ataque17 ene 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RIESGO
abrir
Metasploit600
pyLoad js2py Python Execution
CVE-2023-0297CRITICAL13 ene 2023
Code Injection in pyload/pyload
85RIESGO
abrir
Metasploit300
Wordpress Paid Membership Pro code Unauthenticated SQLi
CVE-2023-23488CRITICAL12 ene 2023
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RIESGO
abrir
Metasploit600
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
CVE-2022-47966CRITICALbajo ataqueransomware10 ene 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir
Metasploit600
Ancillary Function Driver (AFD) for WinSock Elevation of Privilege
CVE-2023-21768HIGH10 ene 2023
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir
Metasploit600
ManageEngine Endpoint Central Unauthenticated SAML RCE
CVE-2022-47966CRITICALbajo ataqueransomware10 ene 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir
Metasploit600
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
CVE-2022-47966CRITICALbajo ataqueransomware10 ene 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir
Metasploit600
Jorani unauthenticated Remote Code Execution
CVE-2023-2646906 ene 2023
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
60RIESGO
abrir
Metasploit600
CWP login.php Unauthenticated RCE
CVE-2022-44877CRITICALbajo ataque05 ene 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RIESGO
abrir
Metasploit400
SugarCRM unauthenticated Remote Code Execution (RCE)
CVE-2023-22952HIGHbajo ataque28 dic 2022
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RIESGO
abrir
Metasploit600
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
CVE-2022-46689HIGH17 dic 2022
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macO
68RIESGO
abrir
Metasploit600
Cacti 1.2.22 unauthenticated command injection
CVE-2022-46169CRITICALbajo ataque05 dic 2022
Unauthenticated Command Injection
100RIESGO
abrir
Metasploit300
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit
CVE-2022-46770HIGH04 dic 2022
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984722 nov 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to i
30RIESGO
abrir
Metasploit600
VSCode ipynb Remote Development RCE
CVE-2022-41034HIGH22 nov 2022
Visual Studio Code Remote Code Execution Vulnerability
48RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984522 nov 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984622 nov 2022
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obt
18RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984822 nov 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RIESGO
abrir
Metasploit600
Bitbucket Environment Variable RCE
CVE-2022-43781CRITICAL16 nov 2022
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker
65RIESGO
abrir
Metasploit600
F5 BIG-IP iControl CSRF File Write SOAP API
CVE-2022-41622HIGH16 nov 2022
iControl SOAP vulnerability
58RIESGO
abrir
Metasploit600
F5 BIG-IP iControl Authenticated RCE via RPM Creator
CVE-2022-41800HIGH16 nov 2022
Appliance mode iControl REST vulnerability
68RIESGO
abrir
Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-38120MEDIUM10 nov 2022
POWERCOM CO., LTD. UPSMON PRO - Path Traversal
28RIESGO
abrir
Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-38121MEDIUM10 nov 2022
POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials
28RIESGO
abrir
Metasploit400
Lenovo Diagnostics Driver IOCTL memmove
CVE-2022-3699HIGH09 nov 2022
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo
56RIESGO
abrir
Metasploit600
Acronis Cyber Protect/Backup remote code execution
CVE-2022-3405CRITICAL08 nov 2022
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following
43RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.