Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Technicolor TD5130.2 - Remote Command Execution
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Comm
28RIESGO
abrir ↗Exploit-DB
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An
23RIESGO
abrir ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSe
23RIESGO
abrir ↗Exploit-DB
Prima Access Control 2.3.35 - Arbitrary File Upload
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when
28RIESGO
abrir ↗Exploit-DB
Atlassian Confluence 6.15.1 - Directory Traversal
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RIESGO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Arbitrary File Upload
Linear eMerge E3-Series devices allow Unrestricted File Upload.
35RIESGO
abrir ↗Exploit-DB
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
28RIESGO
abrir ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious Jav
23RIESGO
abrir ↗Exploit-DB
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RIESGO
abrir ↗Exploit-DB
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
23RIESGO
abrir ↗Exploit-DB
CBAS-Web 19.0.0 - Username Enumeration
Computrols CBAS 18.0.0 allows Username Enumeration.
23RIESGO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Cross-Site Request Forgery
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
28RIESGO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Privilege Escalation
Linear eMerge E3-Series devices allow File Inclusion.
60RIESGO
abrir ↗Exploit-DB
Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied
23RIESGO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3-Series devices allow Command Injections.
100RIESGO
abrir ↗Exploit-DB
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
23RIESGO
abrir ↗Exploit-DB
Optergy 2.3.0a - Remote Code Execution
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
28RIESGO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
Linear eMerge E3-Series devices allow XSS.
50RIESGO
abrir ↗Exploit-DB
CBAS-Web 19.0.0 - Information Disclosure
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
23RIESGO
abrir ↗Exploit-DB
Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being ret
23RIESGO
abrir ↗Exploit-DB
Prima FlexAir Access Control 2.3.38 - Remote Code Execution
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could mo
28RIESGO
abrir ↗Exploit-DB
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
Linear eMerge E3-Series devices allow File Inclusion.
60RIESGO
abrir ↗Exploit-DB
Optergy 2.3.0a - Username Disclosure
Optergy Proton/Enterprise devices allow Username Disclosure.
28RIESGO
abrir ↗Exploit-DB
eMerge50P 5000P 4.6.07 - Remote Code Execution
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
35RIESGO
abrir ↗Exploit-DB
FlexAir Access Control 2.3.35 - Authentication Bypass
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash valu
28RIESGO
abrir ↗Exploit-DB
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and passw
23RIESGO
abrir ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RIESGO
abrir ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RIESGO
abrir ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RIESGO
abrir ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
An out-of-bounds read was addressed with improved input validation.
28RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.