Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
WebKitGTK+ WebKitFaviconDatabase DoS
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RIESGO
abrir ↗Metasploit600
Quest KACE Systems Management Command Injection
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by
100RIESGO
abrir ↗Metasploit300
Dolibarr Gather Credentials via SQL Injection
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vecto
60RIESGO
abrir ↗Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and
60RIESGO
abrir ↗Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be r
43RIESGO
abrir ↗Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM
50RIESGO
abrir ↗Metasploit500
VLC Media Player MKV Use After Free
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb
50RIESGO
abrir ↗Metasploit600
Windscribe WindscribeService Named Pipe Privilege Escalation
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RIESGO
abrir ↗Metasploit300
MimiPenguin
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned f
18RIESGO
abrir ↗Metasploit600
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RIESGO
abrir ↗Metasploit400
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RIESGO
abrir ↗Metasploit600
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa
43RIESGO
abrir ↗Metasploit300
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p
60RIESGO
abrir ↗Metasploit600
osCommerce Installer Unauthenticated Code Execution
osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
63RIESGO
abrir ↗Metasploit600
GitList v0.6.0 Argument Injection Vulnerability
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RIESGO
abrir ↗Metasploit600
Apache Tika Header Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir ↗Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1
50RIESGO
abrir ↗Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RIESGO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RIESGO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RIESGO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RIESGO
abrir ↗Metasploit0
Oracle Weblogic Server Deserialization RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). S
100RIESGO
abrir ↗Metasploit0
Nagios XI Chained Remote Code Execution
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RIESGO
abrir ↗Metasploit600
Pi-Hole Whitelist OS Command Execution
Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
63RIESGO
abrir ↗Metasploit600
H2 Web Interface Create Alias RCE
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can
30RIESGO
abrir ↗Metasploit600
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir ↗Metasploit0
Safari Webkit Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS be
43RIESGO
abrir ↗Metasploit600
Mac OS X libxpc MITM Privilege Escalation
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS b
43RIESGO
abrir ↗Metasploit0
Safari Webkit Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RIESGO
abrir ↗Metasploit0
Safari Proxy Object Type Confusion
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improve
61RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.