Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.063exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2020-14871
CVE-2020-14871CRITICALbajo ataque
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RIESGO
abrir
Referência
CVE-2020-14871
CVE-2020-14871CRITICALbajo ataque
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RIESGO
abrir
Referência
CVE-2020-14871
CVE-2020-14871CRITICALbajo ataque
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RIESGO
abrir
Referência
CVE-2023-22952
CVE-2023-22952HIGHbajo ataque
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RIESGO
abrir
Referência
Ubuntu 6.06 - DHCPd Remote Denial of Service
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some othe
45RIESGO
abrir
Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RIESGO
abrir
Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RIESGO
abrir
Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RIESGO
abrir
Referência
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RIESGO
abrir
Referência
OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and
60RIESGO
abrir
Referência
CVE-2017-16666
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name
60RIESGO
abrir
Referência
CVE-2017-16666
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name
60RIESGO
abrir
Referência
CVE-2014-4872
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RIESGO
abrir
Referência
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbi
45RIESGO
abrir
Referência
CVE-2016-6563
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action
60RIESGO
abrir
Referência
CVE-2018-18809
CVE-2018-18809CRITICALbajo ataque
TIBCO JasperReports Library Directory Traversal Vulnerability
100RIESGO
abrir
Referência
CVE-2015-3043
CVE-2015-3043HIGHbajo ataque
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
100RIESGO
abrir
Referência
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RIESGO
abrir
Referência
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RIESGO
abrir
Referência
CVE-2021-42362
WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
78RIESGO
abrir
Referência
CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RIESGO
abrir
Referência
CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RIESGO
abrir
Referência
WebCalendar 1.2.4 - Remote Code Execution
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user
60RIESGO
abrir
Referência
CVE-2014-7866
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and
45RIESGO
abrir
Referência
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
60RIESGO
abrir
Referência
CVE-2016-7201
CVE-2016-7201HIGHbajo ataque
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RIESGO
abrir
Referência
CVE-2016-7201
CVE-2016-7201HIGHbajo ataque
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RIESGO
abrir
Referência
CVE-2016-7201
CVE-2016-7201HIGHbajo ataque
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RIESGO
abrir
Referência
CVE-2016-2555
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RIESGO
abrir
Referência
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire I
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.