Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Spring Cloud Gateway Remote Code Execution
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir ↗Metasploit600
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗Metasploit300
Wordpress RegistrationMagic task_ids Authenticated SQLi
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RIESGO
abrir ↗Metasploit600
Apache Couchdb Erlang RCE
Remote Code Execution Vulnerability in Packaging
100RIESGO
abrir ↗Metasploit600
Oracle Access Manager unauthenticated Remote Code Execution
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported ver
95RIESGO
abrir ↗Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.
18RIESGO
abrir ↗Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by send
23RIESGO
abrir ↗Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the ta
18RIESGO
abrir ↗Metasploit600
SonicWall SMA 100 Series Authenticated Command Injection
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allo
58RIESGO
abrir ↗Metasploit300
WordPress Modern Events Calendar SQLi Scanner
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RIESGO
abrir ↗Metasploit600
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗Metasploit300
Log4Shell HTTP Scanner
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗Metasploit600
Log4Shell HTTP Header Injection
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗Metasploit600
UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗Metasploit600
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗Metasploit300
Log4Shell HTTP Scanner
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
100RIESGO
abrir ↗Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
48RIESGO
abrir ↗Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir ↗Metasploit600
AjaxPro Deserialization Remote Code Execution
Deserialization of Untrusted Data
58RIESGO
abrir ↗Metasploit600
Ivanti Cloud Services Appliance (CSA) Command Injection
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execut
100RIESGO
abrir ↗Metasploit300
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RIESGO
abrir ↗Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
85RIESGO
abrir ↗Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
85RIESGO
abrir ↗Metasploit600
Sitecore Experience Platform (XP) PreAuth Deserialization RCE
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it
100RIESGO
abrir ↗Metasploit300
ChurchInfo 1.2.13-1.3.0 Authenticated RCE
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requir
41RIESGO
abrir ↗Metasploit300
WordPress WPS Hide Login Login Page Revealer
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
40RIESGO
abrir ↗Metasploit600
Zimbra zmslapd arbitrary module load
Zimbra zmslapd arbitrary module load
18RIESGO
abrir ↗Metasploit600
Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution
Shell Command Injection Vulnerability in Nimbus Thrift Server
40RIESGO
abrir ↗Metasploit300
BillQuick Web Suite txtID SQLi
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution
95RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.