Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.105exploits catalogados
31.648CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.107VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
IBM Data Risk Manager Arbitrary File Download
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RIESGO
abrir ↗Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RIESGO
abrir ↗Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary co
85RIESGO
abrir ↗Metasploit600
IBM Data Risk Manager a3user Default Password
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RIESGO
abrir ↗Metasploit300
SpamTitan Unauthenticated RCE
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RIESGO
abrir ↗Metasploit0
Kibana Upgrade Assistant Telemetry Collector Prototype Pollution
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authen
23RIESGO
abrir ↗Metasploit600
Cisco UCS Director Cloupia Script RCE
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
85RIESGO
abrir ↗Metasploit300
Veeam ONE Agent .NET Deserialization
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
85RIESGO
abrir ↗Metasploit600
Cisco UCS Director Cloupia Script RCE
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
75RIESGO
abrir ↗Metasploit300
Veeam ONE Agent .NET Deserialization
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
75RIESGO
abrir ↗Metasploit300
Zen Load Balancer Directory Traversal
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attac
18RIESGO
abrir ↗Metasploit300
VMware vCenter Server vmdir Authentication Bypass
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RIESGO
abrir ↗Metasploit300
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RIESGO
abrir ↗Metasploit300
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relati
23RIESGO
abrir ↗Metasploit300
LimeSurvey Zip Path Traversals
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM
60RIESGO
abrir ↗Metasploit600
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
100RIESGO
abrir ↗Metasploit300
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an atta
18RIESGO
abrir ↗Metasploit300
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpo
23RIESGO
abrir ↗Metasploit400
Pi-Hole DHCP MAC OS Command Execution
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l
100RIESGO
abrir ↗Metasploit600
GitLab File Read Remote Code Execution
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
30RIESGO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer
61RIESGO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the sl
40RIESGO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware
48RIESGO
abrir ↗Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Arch
68RIESGO
abrir ↗Metasploit600
Grandstream UCM62xx IP PBX sendPasswordEmail RCE
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RIESGO
abrir ↗Metasploit0
Safari in Operator Side Effect Exploit
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, wa
40RIESGO
abrir ↗Metasploit600
macOS cfprefsd Arbitrary File Write Local Privilege Escalation
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Cata
18RIESGO
abrir ↗Metasploit0
Safari in Operator Side Effect Exploit
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able
18RIESGO
abrir ↗Metasploit0
Safari in Operator Side Effect Exploit
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may ca
18RIESGO
abrir ↗Metasploit600
VMware Fusion USB Arbitrator Setuid Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for
86RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.