Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
19.841 exploits
Referência
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RIESGO
abrir
Referência
CVE-2018-18982
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RIESGO
abrir
Referência
PHP-Nuke 8.0 Final - HTTP Referers SQL Injection
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" blo
35RIESGO
abrir
Referência
CVE-2015-7603
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via
50RIESGO
abrir
Referência
CVE-2013-4074
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RIESGO
abrir
Referência
CVE-2013-4074
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RIESGO
abrir
Referência
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres
45RIESGO
abrir
Referência
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, contro
50RIESGO
abrir
Referência
CVE-2012-4333
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
50RIESGO
abrir
Referência
CVE-2016-20017
CVE-2016-20017CRITICALbajo ataque
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as
100RIESGO
abrir
Referência
CVE-2017-5941
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RIESGO
abrir
Referência
CVE-2017-5941
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RIESGO
abrir
Referência
CVE-2025-40553
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
60RIESGO
abrir
Referência
CVE-2021-24499
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RIESGO
abrir
Referência
CVE-2017-15222
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RIESGO
abrir
Referência
CVE-2017-15222
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RIESGO
abrir
Referência
CVE-2017-15222
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RIESGO
abrir
Referência
CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of
35RIESGO
abrir
Referência
XLAtunes 0.1 - 'album' SQL Injection
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL com
23RIESGO
abrir
Referência
CVE-2019-17662
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RIESGO
abrir
Referência
CVE-2010-2333
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RIESGO
abrir
Referência
CVE-2020-3250
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
75RIESGO
abrir
Referência
CVE-2011-0257
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a deni
50RIESGO
abrir
Referência
AnyInventory 2.0 - 'Environment.php' Remote File Inclusion
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabl
35RIESGO
abrir
Referência
CVE-2014-10021
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote
50RIESGO
abrir
Referência
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be inje
35RIESGO
abrir
Referência
CVE-2017-11841
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, versio
35RIESGO
abrir
Referência
CVE-2017-11870
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the
35RIESGO
abrir
Referência
CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of
35RIESGO
abrir
Referência
CVE-2018-7314
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerabil
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.