Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely
85RIESGO
abrir ↗Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sen
53RIESGO
abrir ↗Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject fi
85RIESGO
abrir ↗Metasploit600
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RIESGO
abrir ↗Metasploit600
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RIESGO
abrir ↗Metasploit300
Wordpress Paid Membership Pro code Unauthenticated SQLi
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RIESGO
abrir ↗Metasploit600
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir ↗Metasploit600
Ancillary Function Driver (AFD) for WinSock Elevation of Privilege
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir ↗Metasploit600
ManageEngine Endpoint Central Unauthenticated SAML RCE
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir ↗Metasploit600
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir ↗Metasploit600
Jorani unauthenticated Remote Code Execution
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
60RIESGO
abrir ↗Metasploit600
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RIESGO
abrir ↗Metasploit400
SugarCRM unauthenticated Remote Code Execution (RCE)
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RIESGO
abrir ↗Metasploit600
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macO
68RIESGO
abrir ↗Metasploit600
Cacti 1.2.22 unauthenticated command injection
Unauthenticated Command Injection
100RIESGO
abrir ↗Metasploit300
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RIESGO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to i
30RIESGO
abrir ↗Metasploit600
VSCode ipynb Remote Development RCE
Visual Studio Code Remote Code Execution Vulnerability
48RIESGO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RIESGO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obt
18RIESGO
abrir ↗Metasploit0
WhatsUp Gold Credentials Dump
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RIESGO
abrir ↗Metasploit600
Bitbucket Environment Variable RCE
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker
65RIESGO
abrir ↗Metasploit600
F5 BIG-IP iControl Authenticated RCE via RPM Creator
Appliance mode iControl REST vulnerability
68RIESGO
abrir ↗Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
POWERCOM CO., LTD. UPSMON PRO - Path Traversal
28RIESGO
abrir ↗Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials
28RIESGO
abrir ↗Metasploit400
Lenovo Diagnostics Driver IOCTL memmove
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo
56RIESGO
abrir ↗Metasploit600
Acronis Cyber Protect/Backup remote code execution
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following
43RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.