Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
23RIESGO
abrir ↗Exploit-DB
Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RIESGO
abrir ↗Exploit-DB
BlackCat CMS 1.3.6 - Cross-Site Request Forgery
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote
23RIESGO
abrir ↗Exploit-DB
Mida eFramework 2.9.0 - Back Door Access
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restric
28RIESGO
abrir ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php woul
23RIESGO
abrir ↗Exploit-DB
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
35RIESGO
abrir ↗Exploit-DB
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RIESGO
abrir ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with th
23RIESGO
abrir ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page ma
23RIESGO
abrir ↗Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.
23RIESGO
abrir ↗Exploit-DB
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RIESGO
abrir ↗Exploit-DB
Piwigo 2.10.1 - Cross Site Scripting
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
28RIESGO
abrir ↗Exploit-DB
ThinkAdmin 6 - Arbitrarily File Read
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on
60RIESGO
abrir ↗Exploit-DB
CuteNews 2.1.2 - Remote Code Execution
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RIESGO
abrir ↗Exploit-DB
ZTE Router F602W - Captcha Bypass
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could lo
23RIESGO
abrir ↗Exploit-DB
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in
35RIESGO
abrir ↗Exploit-DB
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve
28RIESGO
abrir ↗Exploit-DB
Mida eFramework 2.9.0 - Remote Code Execution
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RIESGO
abrir ↗Exploit-DB
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many
40RIESGO
abrir ↗Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RIESGO
abrir ↗Exploit-DB
Artica Proxy 4.3.0 - Authentication Bypass
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RIESGO
abrir ↗Exploit-DB
ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer
28RIESGO
abrir ↗Exploit-DB
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l
100RIESGO
abrir ↗Exploit-DB
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RIESGO
abrir ↗Exploit-DB
Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.
23RIESGO
abrir ↗Exploit-DB
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RIESGO
abrir ↗Exploit-DB
Bio Star 2.8.2 - Local File Inclusion
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary fi
50RIESGO
abrir ↗Exploit-DB
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe we
28RIESGO
abrir ↗Exploit-DB
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RIESGO
abrir ↗Exploit-DB
Rails 5.0.1 - Remote Code Execution
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.