Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
MAC 1200R - Directory Traversal
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-stati
41RIESGO
abrir ↗Exploit-DB
IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)
IBM Aspera Faspex code execution
100RIESGO
abrir ↗Exploit-DB
NotrinosERP 0.7 - Authenticated Blind SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/s
23RIESGO
abrir ↗Exploit-DB
Intern Record System v1.0 - SQL Injection (Unauthenticated)
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType
48RIESGO
abrir ↗Exploit-DB
Music Gallery Site v1.0 - SQL Injection on page Master.php
SourceCodester Music Gallery Site GET Request Master.php sql injection
33RIESGO
abrir ↗Exploit-DB
Music Gallery Site v1.0 - Broken Access Control
SourceCodester Music Gallery Site POST Request Users.php access control
41RIESGO
abrir ↗Exploit-DB
Employee Task Management System v1.0 - Broken Authentication
SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication
41RIESGO
abrir ↗Exploit-DB
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the
61RIESGO
abrir ↗Exploit-DB
Auto Dealer Management System 1.0 - Broken Access Control Exploit
SourceCodester Auto Dealer Management System Users.php access control
33RIESGO
abrir ↗Exploit-DB
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
SourceCodester Auto Dealer Management System sql injection
33RIESGO
abrir ↗Exploit-DB
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in modoboa/modoboa
61RIESGO
abrir ↗Exploit-DB
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
41RIESGO
abrir ↗Exploit-DB
Auto Dealer Management System v1.0 - SQL Injection
SourceCodester Auto Dealer Management System sql injection
33RIESGO
abrir ↗Exploit-DB
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
SourceCodester Employee Task Management System task-details.php sql injection
33RIESGO
abrir ↗Exploit-DB
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RIESGO
abrir ↗Exploit-DB
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' paramet
68RIESGO
abrir ↗Exploit-DB
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
SourceCodester Best POS Management System Image save_settings unrestricted upload
33RIESGO
abrir ↗Exploit-DB
ABUS Security Camera TVIP 20000-21150 - LFI_ RCE and SSH Root Access
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin
53RIESGO
abrir ↗Exploit-DB
Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
53RIESGO
abrir ↗Exploit-DB
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
SourceCodester Auto Dealer Management System sql injection
33RIESGO
abrir ↗Exploit-DB
Music Gallery Site v1.0 - SQL Injection on music_list.php
SourceCodester Music Gallery Site GET Request music_list.php sql injection
33RIESGO
abrir ↗Exploit-DB
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
SourceCodester Music Gallery Site GET Request view_music_details.php sql injection
33RIESGO
abrir ↗Exploit-DB
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
SourceCodester Simple Food Ordering System process_order.php cross site scripting
28RIESGO
abrir ↗Exploit-DB
Art Gallery Management System Project in PHP v 1.0 - SQL injection
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid par
23RIESGO
abrir ↗Exploit-DB
Dompdf 1.2.1 - Remote Code Execution (RCE)
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RIESGO
abrir ↗Exploit-DB
Employee Task Management System v1.0 - SQL Injection on edit-task.php
SourceCodester Simple Food Ordering System process_order.php cross site scripting
28RIESGO
abrir ↗Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RIESGO
abrir ↗Exploit-DB
ImageMagick 7.1.0-49 - DoS
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RIESGO
abrir ↗Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.