Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Wordpress Plugin Catch Themes Demo Import RCE
Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
48RIESGO
abrir ↗Metasploit400
Win32k NtGdiResetDC Use After Free Local Privilege Elevation
Win32k Elevation of Privilege Vulnerability
100RIESGO
abrir ↗Metasploit600
WordPress Plugin Pie Register Auth Bypass to RCE
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RIESGO
abrir ↗Metasploit300
WordPress Plugin Perfect Survey 1.5.1 SQLi (Unauthenticated)
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RIESGO
abrir ↗Metasploit600
ManageEngine ADAudit Plus Authenticated File Write RCE
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
40RIESGO
abrir ↗Metasploit600
Microsoft Office Word Malicious MSHTML RCE
Microsoft MSHTML Remote Code Execution Vulnerability
100RIESGO
abrir ↗Metasploit600
VMware vCenter Server Analytics (CEIP) Service File Upload
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RIESGO
abrir ↗Metasploit0
VMware vCenter vScalation Priv Esc
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
18RIESGO
abrir ↗Metasploit600
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RIESGO
abrir ↗Metasploit300
Wordpress BulletProof Security Backup Disclosure
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RIESGO
abrir ↗Metasploit600
ManageEngine ServiceDesk Plus CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RIESGO
abrir ↗Metasploit600
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Elevation of Privilege Vulnerability
91RIESGO
abrir ↗Metasploit600
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
100RIESGO
abrir ↗Metasploit600
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RIESGO
abrir ↗Metasploit300
Netgear PNPX_GetShareFolderList Authentication Bypass
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021
33RIESGO
abrir ↗Metasploit300
WordPress Plugin Automatic Config Change to RCE
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RIESGO
abrir ↗Metasploit600
Atlassian Confluence WebWork OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RIESGO
abrir ↗Metasploit300
Canon Driver Privilege Escalation
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer pro
18RIESGO
abrir ↗Metasploit300
Pi-Hole Top Domains API Authenticated Exec
(Authenticated) Remote Code Execution Possible in Web Interface 5.5
48RIESGO
abrir ↗Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the
30RIESGO
abrir ↗Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RIESGO
abrir ↗Metasploit300
Elasticsearch Memory Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RIESGO
abrir ↗Metasploit300
Windows SAM secrets leak - HiveNightmare
Windows Elevation of Privilege Vulnerability
98RIESGO
abrir ↗Metasploit300
Lexmark Driver Privilege Escalation
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below,
18RIESGO
abrir ↗Metasploit600
Nagios XI Autodiscovery Webshell Upload
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post au
23RIESGO
abrir ↗Metasploit300
Jetty WEB-INF File Disclosure
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RIESGO
abrir ↗Metasploit300
Jetty WEB-INF File Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RIESGO
abrir ↗Metasploit600
Geutebruck Multiple Remote Command Execution
UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE
48RIESGO
abrir ↗Metasploit600
Geutebruck Multiple Remote Command Execution
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
48RIESGO
abrir ↗Metasploit600
Geutebruck Multiple Remote Command Execution
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
48RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.