Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.063exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Pandora FMS Events Remote Command Execution
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
40RIESGO
abrir ↗Metasploit300
Cisco 7937G Denial-of-Service Reboot Attack
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the de
40RIESGO
abrir ↗Metasploit300
Cisco 7937G Denial-of-Service Attack
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remot
23RIESGO
abrir ↗Metasploit300
Cisco 7937G SSH Privilege Escalation
A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to re
23RIESGO
abrir ↗Metasploit300
Directory Traversal in Spring Cloud Config Server
Directory Traversal with spring-cloud-config-server
100RIESGO
abrir ↗Metasploit300
Cisco DCNM auth bypass
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RIESGO
abrir ↗Metasploit300
Documalis Free PDF Editor and Scanner JPEG Stack Buffer Overflow
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
28RIESGO
abrir ↗Metasploit600
Geutebruck testaction.cgi Remote Command Execution
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code
30RIESGO
abrir ↗Metasploit300
BIND TSIG Badtime Query Denial of Service
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
78RIESGO
abrir ↗Metasploit600
LinuxKI Toolset 6.01 Remote Command Execution
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
60RIESGO
abrir ↗Metasploit600
Plesk/myLittleAdmin ViewState .NET Deserialization
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcod
60RIESGO
abrir ↗Metasploit300
WordPress ChopSlider3 id SQLi Scanner
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RIESGO
abrir ↗Metasploit600
Wordpress Drag and Drop Multi File Uploader RCE
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RIESGO
abrir ↗Metasploit600
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir ↗Metasploit300
Plex Unpickle Dict Windows RCE
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arb
100RIESGO
abrir ↗Metasploit500
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
36RIESGO
abrir ↗Metasploit300
WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions th
100RIESGO
abrir ↗Metasploit300
SaltStack Salt Master Server Root Key Disclosure
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir ↗Metasploit300
SaltStack Salt Master Server Root Key Disclosure
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir ↗Metasploit500
SaltStack Salt Master/Minion Unauthenticated RCE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir ↗Metasploit500
SaltStack Salt Master/Minion Unauthenticated RCE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir ↗Metasploit300
Wordpress LearnPress current_items Authenticated SQLi
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RIESGO
abrir ↗Metasploit600
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220
40RIESGO
abrir ↗Metasploit600
Netsweeper WebAdmin unixlogin.php Python Code Injection
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain
40RIESGO
abrir ↗Metasploit600
TrixBox CE endpoint_devicemap.php Authenticated Command Execution
Fonality Trixbox CE Post-Authentication Command Injection
48RIESGO
abrir ↗Metasploit600
GOG GalaxyClientService Privilege Escalation
GOG Galaxy GalaxyClientService Privilege Escalation
36RIESGO
abrir ↗Metasploit400
WordPress Simple File List Unauthenticated Remote Code Execution
Simple File List < 4.2.3 - Remote Code Execution
68RIESGO
abrir ↗Metasploit300
IBM Data Risk Manager Arbitrary File Download
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RIESGO
abrir ↗Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.