Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RIESGO
abrir ↗Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RIESGO
abrir ↗Metasploit600
Optergy Proton and Enterprise BMS Command Injection using a backdoor
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RIESGO
abrir ↗Metasploit600
Windows Update Orchestrator unchecked ScheduleWork call
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file oper
30RIESGO
abrir ↗Metasploit600
Microsoft Spooler Local Privilege Elevation Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Metasploit300
Microsoft Spooler Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writin
43RIESGO
abrir ↗Metasploit600
FreeSWITCH Event Socket Command Execution
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
43RIESGO
abrir ↗Metasploit0
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RIESGO
abrir ↗Metasploit600
Linear eMerge E3-Series Access Controller Command Injection
Linear eMerge E3-Series devices allow Command Injections.
100RIESGO
abrir ↗Metasploit600
Apache Solr Remote Code Execution via Velocity Template
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RIESGO
abrir ↗Metasploit600
rConfig install Command Execution
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RIESGO
abrir ↗Metasploit400
Nostromo Directory Traversal Remote Command Execution
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RIESGO
abrir ↗Metasploit300
ThinVNC Directory Traversal
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RIESGO
abrir ↗Metasploit600
Solaris xscreensaver log Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RIESGO
abrir ↗Metasploit600
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RIESGO
abrir ↗Metasploit300
File Sharing Wizard - POST SEH Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RIESGO
abrir ↗Metasploit600
vBulletin widgetConfig RCE
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RIESGO
abrir ↗Metasploit600
PHPStudy Backdoor Remote Code execution
PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability
63RIESGO
abrir ↗Metasploit600
Micro Focus (HPE) Data Protector SUID Privilege Escalation
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RIESGO
abrir ↗Metasploit600
Bludit Directory Traversal Image File Upload Vulnerability
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RIESGO
abrir ↗Metasploit300
Metasploit HTTP(S) handler DoS
Rapid7 Metasploit HTTP Handler Denial of Service
48RIESGO
abrir ↗Metasploit600
Total.js CMS 12 Widget JavaScript Code Injection
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RIESGO
abrir ↗Metasploit600
Plantronics Hub SpokesUpdateService Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RIESGO
abrir ↗Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability
48RIESGO
abrir ↗Metasploit600
Cisco UCS Director default scpuser password
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RIESGO
abrir ↗Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RIESGO
abrir ↗Metasploit300
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat
30RIESGO
abrir ↗Metasploit600
Webmin password_change.cgi Backdoor
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.