Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RIESGO
abrir
Referência
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RIESGO
abrir
Referência
CVE-2023-4911
CVE-2023-4911HIGHbajo ataque
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
Referência
CVE-2023-4911
CVE-2023-4911HIGHbajo ataque
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
Referência
glibc 2.38 - Buffer Overflow
CVE-2023-4911HIGHbajo ataque
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
Referência
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
60RIESGO
abrir
Referência
CVE-2017-0070
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling object
45RIESGO
abrir
Referência
CVE-2021-39312
True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
78RIESGO
abrir
Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RIESGO
abrir
Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RIESGO
abrir
Referência
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RIESGO
abrir
Referência
CVE-2021-1732
CVE-2021-1732HIGHbajo ataqueransomware
Windows Win32k Elevation of Privilege Vulnerability
100RIESGO
abrir
Referência
CVE-2021-1732
CVE-2021-1732HIGHbajo ataqueransomware
Windows Win32k Elevation of Privilege Vulnerability
100RIESGO
abrir
Referência34
CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
85RIESGO
abrir
Referência
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RIESGO
abrir
Referência
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RIESGO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Referência
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Referência
CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
50RIESGO
abrir
Referência
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RIESGO
abrir
Referência
TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in
60RIESGO
abrir
Referência
CVE-2019-9851
LibreLogo global-event script execution
60RIESGO
abrir
Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RIESGO
abrir
Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RIESGO
abrir
Referência
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RIESGO
abrir
Referência
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RIESGO
abrir
Referência
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RIESGO
abrir
Referência
CVE-2013-1347
CVE-2013-1347HIGHbajo ataque
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.