Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.002exploits catalogados
31.582CVEs con explotación pública
TodosExploit-DB 22.467Referência 19.780GitHub PoC 13.048VulnCheck XDB 8060Nuclei 4185Metasploit 3462recientespopularesriesgo
22.467 exploits
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir ↗Exploit-DB
scramble - Remote Code Execution
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RIESGO
abrir ↗Exploit-DB
EspoCRM 9.3.3 - SSRF
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RIESGO
abrir ↗Exploit-DB
Realtek rtl819x - Local Privilege
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perfo
41RIESGO
abrir ↗Exploit-DB
MeiG Smart FORGE_SLT711 - OS Command Injection
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthentica
53RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗Exploit-DB
Grav CMS 2.0.0-beta.2 - Remote Code Execution
Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
48RIESGO
abrir ↗Exploit-DB
cPanel - CRLF Injection
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗Exploit-DB
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover
48RIESGO
abrir ↗Exploit-DB
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir ↗Exploit-DB
FUXA 1.2.9 - RCE
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RIESGO
abrir ↗Exploit-DB
Cockpit 359 - RCE
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
68RIESGO
abrir ↗Exploit-DB
Windows Snipping Tool - NTLMv2 Hash Hijack
Windows Snipping Tool Spoofing Vulnerability
33RIESGO
abrir ↗Exploit-DB
PJPROJECT 2.16 - Heap Bufferoverflow
PJSIP has a heap buffer overflow in ICE with long username
41RIESGO
abrir ↗Exploit-DB
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
Authentication Bypass in ePati's Antikor NGFW
48RIESGO
abrir ↗Exploit-DB
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RIESGO
abrir ↗Exploit-DB
glances 4.5.2 - command injection
Glances Vulnerable to Command Injection via Dynamic Configuration Values
41RIESGO
abrir ↗Exploit-DB
coreruleset 4.21.0 - Firewall Bypass
OWASP CRS has multipart bypass using multiple content-type parts
53RIESGO
abrir ↗Exploit-DB
Ninja Forms Uploads - Unauthenticated PHP File Upload
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir ↗Exploit-DB
Flowise < 3.0.5 - Missing Authentication for Critical Function
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗Exploit-DB
ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)
ThingsBoard < v4.2.1 SVG Image SSRF
33RIESGO
abrir ↗Exploit-DB
NocoBase 2.0.27 - VM Sandbox Escape
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RIESGO
abrir ↗Exploit-DB
telnetd 2.7 - Buffer Overflow
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption
53RIESGO
abrir ↗Exploit-DB
Bludit CMS 3.18.4 - RCE
Remote Code Execution via Unrestricted File Upload in Bludit
41RIESGO
abrir ↗Exploit-DB
Windows 11 24H2 - Local Privilege Escalation
Windows HTTP.sys Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Exploit-DB
MindsDB 25.9.1.1 - Path Traversal
MindsDB has Path Traversal in /api/files Leading to Remote Code Execution
61RIESGO
abrir ↗Exploit-DB
Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (F
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.