Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
WSO2 Arbitrary File Upload to RCE
CVE-2022-29464CRITICALbajo ataqueransomware01 abr 2022
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /file
100RIESGO
abrir
Metasploit0
Spring Framework Class property RCE (Spring4Shell)
CVE-2022-22965CRITICALbajo ataque31 mar 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
Metasploit600
Wordpress Plugin Elementor Authenticated Upload Remote Code Execution
CVE-2022-1329HIGH29 mar 2022
Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution
78RIESGO
abrir
Metasploit600
Spring Cloud Function SpEL Injection
CVE-2022-22963CRITICALbajo ataque29 mar 2022
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RIESGO
abrir
Metasploit500
io_uring Same Type Object Reuse Priv Esc
CVE-2022-104322 mar 2022
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to cor
18RIESGO
abrir
Metasploit600
Open Web Analytics 1.7.3 - Remote Code Execution (RCE)
CVE-2022-2463718 mar 2022
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, wh
60RIESGO
abrir
Metasploit600
User Profile Arbitrary Junction Creation Local Privilege Elevation
CVE-2022-26904HIGHbajo ataque17 mar 2022
Windows User Profile Service Elevation of Privilege Vulnerability
66RIESGO
abrir
Metasploit300
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
CVE-2022-016914 mar 2022
Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection
60RIESGO
abrir
Metasploit500
Watch Queue Out of Bounds Write
CVE-2022-099514 mar 2022
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This
18RIESGO
abrir
Metasploit600
MyBB Admin Control Code Injection RCE
CVE-2022-24734HIGH09 mar 2022
Remote code execution in mybb
78RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
CVE-2022-2498907 mar 2022
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskst
30RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
CVE-2022-24990CRITICALbajo ataqueransomware07 mar 2022
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agen
100RIESGO
abrir
Metasploit300
Wordpress BookingPress bookingpress_front_get_category_services SQLi
CVE-2022-073928 feb 2022
BookingPress < 1.0.11 - Unauthenticated SQL Injection
30RIESGO
abrir
Metasploit600
Webmin File Manager RCE
CVE-2022-0824HIGH26 feb 2022
Improper Access Control to Remote Code Execution in webmin/webmin
78RIESGO
abrir
Metasploit300
GitLab GraphQL API User Enumeration
CVE-2021-4191MEDIUM25 feb 2022
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Priv
70RIESGO
abrir
Metasploit600
pfSense Diag Routes Web Shell Upload
CVE-2021-4128223 feb 2022
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data abo
40RIESGO
abrir
Metasploit600
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
CVE-2022-0847HIGHbajo ataque20 feb 2022
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir
Metasploit600
Sourcegraph gitserver sshCommand RCE
CVE-2022-23642HIGH18 feb 2022
Code Injection in Sourcegraph
78RIESGO
abrir
Metasploit300
Wordpress MasterStudy Admin Account Creation
CVE-2022-044118 feb 2022
MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation
60RIESGO
abrir
Metasploit600
Redis Lua Sandbox Escape
CVE-2022-0543CRITICALbajo ataque18 feb 2022
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
100RIESGO
abrir
Metasploit300
Strapi CMS Unauthenticated Password Reset
CVE-2019-1881809 feb 2022
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RIESGO
abrir
Metasploit300
CVE-2022-21999 SpoolFool Privesc
CVE-2022-21999HIGHbajo ataqueransomware08 feb 2022
Windows Print Spooler Elevation of Privilege Vulnerability
98RIESGO
abrir
Metasploit200
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
CVE-2022-3491807 feb 2022
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buff
38RIESGO
abrir
Metasploit600
Docker cgroups Container Escape
CVE-2022-0492HIGHbajo ataque04 feb 2022
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. Th
86RIESGO
abrir
Metasploit400
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
CVE-2022-20699CRITICALbajo ataque02 feb 2022
Cisco Small Business RV Series Routers Vulnerabilities
100RIESGO
abrir
Metasploit400
Zyxel Unauthenticated LAN Remote Code Execution
CVE-2023-28769CRITICAL01 feb 2022
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware v
43RIESGO
abrir
Metasploit600
Zyxel chained RCE using LFI and weak password derivation algorithm
CVE-2023-28770HIGH01 feb 2022
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmwa
48RIESGO
abrir
Metasploit300
Microweber CMS v1.2.10 Local File Inclusion (Authenticated)
CVE-2025-34076MEDIUM30 ene 2022
Microweber CMS Authenticated Local File Inclusion via Backup API
28RIESGO
abrir
Metasploit400
vmwgfx Driver File Descriptor Handling Priv Esc
CVE-2022-22942HIGH28 ene 2022
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to f
36RIESGO
abrir
Metasploit600
Spring Cloud Gateway Remote Code Execution
CVE-2022-22947CRITICALbajo ataque26 ene 2022
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.