Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Apache Flink JobManager Traversal
CVE-2020-17519CRITICALbajo ataque05 ene 2021
Apache Flink directory traversal attack: reading remote files through the REST API
100RIESGO
abrir
Metasploit600
Klog Server authenticate.php user Unauthenticated Command Injection
CVE-2020-3572927 dic 2020
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RIESGO
abrir
Metasploit600
Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection
CVE-2020-3557819 dic 2020
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RIESGO
abrir
Metasploit600
HPE Systems Insight Manager AMF Deserialization RCE
CVE-2020-720015 dic 2020
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerabili
40RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
CVE-2020-3566512 dic 2020
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RIESGO
abrir
Metasploit300
WordPress Total Upkeep Unauthenticated Backup Downloader
CVE-2020-36848HIGH12 dic 2020
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
36RIESGO
abrir
Metasploit600
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
CVE-2020-2818812 dic 2020
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inje
40RIESGO
abrir
Metasploit600
APISIX Admin API default access token RCE
CVE-2022-24112CRITICALbajo ataque07 dic 2020
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RIESGO
abrir
Metasploit600
APISIX Admin API default access token RCE
CVE-2020-1394507 dic 2020
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the
40RIESGO
abrir
Metasploit300
WordPress Easy WP SMTP Password Reset
CVE-2020-3523406 dic 2020
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RIESGO
abrir
Metasploit300
KOFFEE - Kia OFFensivE Exploit
CVE-2020-853902 dic 2020
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an atta
18RIESGO
abrir
Metasploit600
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
CVE-2020-724621 nov 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RIESGO
abrir
Metasploit0
Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase
CVE-2020-1604019 nov 2020
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RIESGO
abrir
Metasploit600
OpenTSDB 2.4.0 unauthenticated command injection
CVE-2020-3547618 nov 2020
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RIESGO
abrir
Metasploit0
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
CVE-2020-2695018 nov 2020
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable
30RIESGO
abrir
Metasploit600
PEAR Archive_Tar 1.4.10 Arbitrary File Write
CVE-2020-28949HIGHbajo ataque17 nov 2020
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RIESGO
abrir
Metasploit600
Monitorr unauthenticated Remote Code Execution (RCE)
CVE-2020-2887116 nov 2020
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the s
40RIESGO
abrir
Metasploit600
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
CVE-2020-36849CRITICAL14 nov 2020
AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
43RIESGO
abrir
Metasploit600
Acronis TrueImage XPC Privilege Escalation
CVE-2020-2573611 nov 2020
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC
18RIESGO
abrir
Metasploit300
Abandoned Cart for WooCommerce SQLi Scanner
CVE-2025-47608CRITICAL05 nov 2020
WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability
43RIESGO
abrir
Metasploit600
Git Remote Code Execution via git-lfs (CVE-2020-27955)
CVE-2020-2795504 nov 2020
Git LFS 2.12.0 allows Remote Code Execution.
40RIESGO
abrir
Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
CVE-2020-2559203 nov 2020
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authent
30RIESGO
abrir
Metasploit600
SaltStack Salt REST API Arbitrary Command Execution
CVE-2020-16846CRITICALbajo ataque03 nov 2020
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH clien
100RIESGO
abrir
Metasploit600
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
CVE-2020-7384HIGH29 oct 2020
Client-Side Command Injection in Rapid7 Metasploit
68RIESGO
abrir
Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
CVE-2020-11853HIGH28 oct 2020
Arbitrary code execution vulnerability on multiple Micro Focus products
58RIESGO
abrir
Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
CVE-2020-1185528 oct 2020
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
18RIESGO
abrir
Metasploit600
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
CVE-2020-11853HIGH28 oct 2020
Arbitrary code execution vulnerability on multiple Micro Focus products
58RIESGO
abrir
Metasploit600
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
CVE-2020-11858HIGH28 oct 2020
Code execution with escalated privilegesn vlnerability in Operation bridge Manager and Operations Bridge (containerized) products.
36RIESGO
abrir
Metasploit600
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
CVE-2020-11854CRITICAL28 oct 2020
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
85RIESGO
abrir
Metasploit600
Pulse Secure VPN gzip RCE
CVE-2020-8260HIGHbajo ataque26 oct 2020
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.