Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
WebKitGTK+ WebKitFaviconDatabase DoS
CVE-2018-1164603 jun 2018
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RIESGO
abrir
Metasploit600
Quest KACE Systems Management Command Injection
CVE-2018-11138CRITICALbajo ataqueransomware31 may 2018
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by
100RIESGO
abrir
Metasploit300
Dolibarr Gather Credentials via SQL Injection
CVE-2018-1009430 may 2018
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vecto
60RIESGO
abrir
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2018-1612MEDIUM28 may 2018
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and
60RIESGO
abrir
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2016-972228 may 2018
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be r
43RIESGO
abrir
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2018-141828 may 2018
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM
50RIESGO
abrir
Metasploit500
VLC Media Player MKV Use After Free
CVE-2018-1152924 may 2018
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb
50RIESGO
abrir
Metasploit600
Windscribe WindscribeService Named Pipe Privilege Escalation
CVE-2018-1147924 may 2018
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RIESGO
abrir
Metasploit300
MimiPenguin
CVE-2018-2078123 may 2018
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned f
18RIESGO
abrir
Metasploit600
DHCP Client Command Injection (DynoRoot)
CVE-2018-1111HIGH15 may 2018
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RIESGO
abrir
Metasploit400
Windows SetImeInfoEx Win32k NULL Pointer Dereference
CVE-2018-8120HIGHbajo ataqueransomware09 may 2018
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RIESGO
abrir
Metasploit600
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
CVE-2018-889708 may 2018
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa
43RIESGO
abrir
Metasploit300
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
CVE-2018-1058301 may 2018
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p
60RIESGO
abrir
Metasploit600
osCommerce Installer Unauthenticated Code Execution
CVE-2018-25114CRITICAL30 abr 2018
osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
63RIESGO
abrir
Metasploit600
GitList v0.6.0 Argument Injection Vulnerability
CVE-2018-100053326 abr 2018
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RIESGO
abrir
Metasploit600
Apache Tika Header Command Injection
CVE-2018-133525 abr 2018
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir
Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
CVE-2018-995820 abr 2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1
50RIESGO
abrir
Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
CVE-2018-994820 abr 2018
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RIESGO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873317 abr 2018
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RIESGO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873517 abr 2018
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RIESGO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873617 abr 2018
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RIESGO
abrir
Metasploit0
Oracle Weblogic Server Deserialization RCE
CVE-2018-2628CRITICALbajo ataque17 abr 2018
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). S
100RIESGO
abrir
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873417 abr 2018
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RIESGO
abrir
Metasploit600
Pi-Hole Whitelist OS Command Execution
CVE-2025-34087CRITICAL15 abr 2018
Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
63RIESGO
abrir
Metasploit600
H2 Web Interface Create Alias RCE
CVE-2018-1005409 abr 2018
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can
30RIESGO
abrir
Metasploit600
Drupal Drupalgeddon 2 Forms API Property Injection
CVE-2018-7600CRITICALbajo ataqueransomware28 mar 2018
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
Metasploit0
Safari Webkit Proxy Object Type Confusion
CVE-2017-1386115 mar 2018
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS be
43RIESGO
abrir
Metasploit600
Mac OS X libxpc MITM Privilege Escalation
CVE-2018-423715 mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS b
43RIESGO
abrir
Metasploit0
Safari Webkit Proxy Object Type Confusion
CVE-2018-4233HIGH15 mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RIESGO
abrir
Metasploit0
Safari Proxy Object Type Confusion
CVE-2018-4404HIGH15 mar 2018
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improve
61RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.