Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Spring Cloud Gateway Remote Code Execution
CVE-2022-22947CRITICALbajo ataque26 ene 2022
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir
Metasploit600
Local Privilege Escalation in polkits pkexec
CVE-2021-4034HIGHbajo ataque25 ene 2022
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
Metasploit300
Wordpress RegistrationMagic task_ids Authenticated SQLi
CVE-2021-2486223 ene 2022
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RIESGO
abrir
Metasploit600
Apache Couchdb Erlang RCE
CVE-2022-24706CRITICALbajo ataque21 ene 2022
Remote Code Execution Vulnerability in Packaging
100RIESGO
abrir
Metasploit600
Oracle Access Manager unauthenticated Remote Code Execution
CVE-2021-35587CRITICALbajo ataque19 ene 2022
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported ver
95RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
CVE-2021-4583924 dic 2021
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.
18RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
CVE-2021-4583724 dic 2021
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by send
23RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
CVE-2021-4584124 dic 2021
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the ta
18RIESGO
abrir
Metasploit600
SonicWall SMA 100 Series Authenticated Command Injection
CVE-2021-20039HIGH14 dic 2021
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allo
58RIESGO
abrir
Metasploit300
WordPress Modern Events Calendar SQLi Scanner
CVE-2021-2494613 dic 2021
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RIESGO
abrir
Metasploit600
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
CVE-2021-44228CRITICALbajo ataqueransomware12 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Metasploit300
Log4Shell HTTP Scanner
CVE-2021-44228CRITICALbajo ataqueransomware09 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Metasploit600
Log4Shell HTTP Header Injection
CVE-2021-44228CRITICALbajo ataqueransomware09 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Metasploit600
UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
CVE-2021-44228CRITICALbajo ataqueransomware09 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Metasploit600
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
CVE-2021-44228CRITICALbajo ataqueransomware09 dic 2021
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Metasploit300
Log4Shell HTTP Scanner
CVE-2021-45046CRITICALbajo ataqueransomware09 dic 2021
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
100RIESGO
abrir
Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
CVE-2022-23277HIGH09 dic 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
48RIESGO
abrir
Metasploit600
Microsoft Exchange Server ChainedSerializationBinder RCE
CVE-2021-42321HIGHbajo ataqueransomware09 dic 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
AjaxPro Deserialization Remote Code Execution
CVE-2021-23758HIGH03 dic 2021
Deserialization of Untrusted Data
58RIESGO
abrir
Metasploit600
Ivanti Cloud Services Appliance (CSA) Command Injection
CVE-2021-44529CRITICALbajo ataqueransomware02 dic 2021
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execut
100RIESGO
abrir
Metasploit300
Grafana Plugin Path Traversal
CVE-2021-43798HIGHbajo ataque02 dic 2021
Grafana path traversal
100RIESGO
abrir
Metasploit300
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
CVE-2021-2493108 nov 2021
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RIESGO
abrir
Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
CVE-2022-20705CRITICAL02 nov 2021
Cisco Small Business RV Series Routers Vulnerabilities
85RIESGO
abrir
Metasploit600
Cisco RV Series Authentication Bypass and Command Injection
CVE-2022-20707CRITICAL02 nov 2021
Cisco Small Business RV Series Routers Vulnerabilities
85RIESGO
abrir
Metasploit600
Sitecore Experience Platform (XP) PreAuth Deserialization RCE
CVE-2021-42237CRITICALbajo ataqueransomware02 nov 2021
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it
100RIESGO
abrir
Metasploit300
ChurchInfo 1.2.13-1.3.0 Authenticated RCE
CVE-2021-43258HIGH30 oct 2021
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requir
41RIESGO
abrir
Metasploit300
WordPress WPS Hide Login Login Page Revealer
CVE-2021-2491727 oct 2021
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
40RIESGO
abrir
Metasploit600
Zimbra zmslapd arbitrary module load
CVE-2022-3739327 oct 2021
Zimbra zmslapd arbitrary module load
18RIESGO
abrir
Metasploit600
Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution
CVE-2021-3829425 oct 2021
Shell Command Injection Vulnerability in Nimbus Thrift Server
40RIESGO
abrir
Metasploit300
BillQuick Web Suite txtID SQLi
CVE-2021-42258CRITICALbajo ataqueransomware22 oct 2021
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution
95RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.