Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
41RIESGO
abrir ↗Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via p
68RIESGO
abrir ↗Metasploit600
VMware NSX Manager XStream unauthenticated RCE
XStream is vulnerable to a Remote Command Execution attack
100RIESGO
abrir ↗Metasploit600
SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE
SolarWinds Platform Deserialization of Untrusted Data
48RIESGO
abrir ↗Metasploit600
Apache Commons Text RCE
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RIESGO
abrir ↗Metasploit600
Zimbra sudo + postfix privilege escalation
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalat
36RIESGO
abrir ↗Metasploit600
Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RIESGO
abrir ↗Metasploit600
GitLab GitHub Repo Import Deserialization RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows
85RIESGO
abrir ↗Metasploit600
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RIESGO
abrir ↗Metasploit600
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RIESGO
abrir ↗Metasploit600
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir ↗Metasploit600
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
CVE-2023-28384
48RIESGO
abrir ↗Metasploit300
Mobile Mouse RCE
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RIESGO
abrir ↗Metasploit300
Remote Control Collection RCE
Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE
63RIESGO
abrir ↗Metasploit500
Ubuntu Enlightenment Mount Priv Esc
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RIESGO
abrir ↗Metasploit300
Syncovery For Linux Web-GUI Session Token Brute-Forcer
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and be
18RIESGO
abrir ↗Metasploit600
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote c
30RIESGO
abrir ↗Metasploit500
pfSense plugin pfBlockerNG unauthenticated RCE as root
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RIESGO
abrir ↗Metasploit600
Symmetricom SyncServer Unauthenticated Remote Command Execution
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
85RIESGO
abrir ↗Metasploit400
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulner
100RIESGO
abrir ↗Metasploit600
Bitbucket Git Command Injection
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RIESGO
abrir ↗Metasploit600
FLIR AX8 unauthenticated RCE
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This
60RIESGO
abrir ↗Metasploit300
Rancher Authenticated API Credential Exposure
Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
63RIESGO
abrir ↗Metasploit500
VMware Workspace ONE Access CVE-2022-31660
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A m
18RIESGO
abrir ↗Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
Softing Secure Integration Server Uncontrolled Search Path Element
36RIESGO
abrir ↗Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
Softing Secure Integration Server Relative Path Traversal
41RIESGO
abrir ↗Metasploit600
Webmin Package Updates RCE
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RIESGO
abrir ↗Metasploit600
Apache Spark Unauthenticated Command Injection RCE
Apache Spark shell command injection vulnerability via Spark UI
100RIESGO
abrir ↗Metasploit600
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
Unauthenticated Remote Code Execution in Roxy-WI
85RIESGO
abrir ↗Metasploit600
ManageEngine ADAudit Plus CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.