Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir ↗Exploit-DB
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginn
23RIESGO
abrir ↗Exploit-DB
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a ref
60RIESGO
abrir ↗Exploit-DB
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RIESGO
abrir ↗Exploit-DB
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
93RIESGO
abrir ↗Exploit-DB
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir ↗Exploit-DB
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
23RIESGO
abrir ↗Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir ↗Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability
33RIESGO
abrir ↗Exploit-DB
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to re
53RIESGO
abrir ↗Exploit-DB
TotalAV 2020 4.14.31 - Privilege Escalation
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junctio
23RIESGO
abrir ↗Exploit-DB
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
85RIESGO
abrir ↗Exploit-DB
Cisco DCNM JBoss 10.4 - Credential Leakage
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
33RIESGO
abrir ↗Exploit-DB
JetBrains TeamCity 2018.2.4 - Remote Code Execution
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in
28RIESGO
abrir ↗Exploit-DB
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported ve
28RIESGO
abrir ↗Exploit-DB
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Win
76RIESGO
abrir ↗Exploit-DB
piSignage 2.6.4 - Directory Traversal
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user)
23RIESGO
abrir ↗Exploit-DB
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
Windows Elevation of Privilege Vulnerability
55RIESGO
abrir ↗Exploit-DB
nostromo 1.9.6 - Remote Code Execution
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RIESGO
abrir ↗Exploit-DB
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iO
23RIESGO
abrir ↗Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RIESGO
abrir ↗Exploit-DB
OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RIESGO
abrir ↗Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RIESGO
abrir ↗Exploit-DB
FreeBSD-SA-19:02.fd - Privilege Escalation
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEAS
23RIESGO
abrir ↗Exploit-DB
Django < 3.0 < 2.2 < 1.11 - Account Hijack
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address
35RIESGO
abrir ↗Exploit-DB
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker ca
43RIESGO
abrir ↗Exploit-DB
OpenMRS - Java Deserialization RCE (Metasploit)
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RIESGO
abrir ↗Exploit-DB
Telerik UI - Remote Code Execution via Insecure Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RIESGO
abrir ↗Exploit-DB
OpenBSD 6.x - Dynamic Loader Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RIESGO
abrir ↗Exploit-DB
Roxy Fileman 1.4.5 - Directory Traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary loc
28RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.