Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
19.841 exploits
Referência
CVE-2016-3222
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a
35RIESGO
abrir
Referência
CVE-2016-3222
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a
35RIESGO
abrir
Referência
CVE-2015-4553
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
35RIESGO
abrir
Referência
CVE-2010-3971
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in msh
60RIESGO
abrir
Referência
CVE-2010-3971
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in msh
60RIESGO
abrir
Referência
CVE-2017-6527
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal att
50RIESGO
abrir
Referência
Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 200
35RIESGO
abrir
Referência
Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 200
35RIESGO
abrir
Referência
CVE-2015-3080
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows
35RIESGO
abrir
Referência
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read ar
50RIESGO
abrir
Referência
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read ar
50RIESGO
abrir
Referência
Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Remote Buffer Overflow
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used
50RIESGO
abrir
Referência
CVE-2016-0784
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1
35RIESGO
abrir
Referência
CVE-2016-0784
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1
35RIESGO
abrir
Referência
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RIESGO
abrir
Referência
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RIESGO
abrir
Referência
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RIESGO
abrir
Referência
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Overflow
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSC
35RIESGO
abrir
Referência
CVE-2015-1701
CVE-2015-1701HIGHbajo ataqueransomware
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RIESGO
abrir
Referência
CVE-2015-1701
CVE-2015-1701HIGHbajo ataqueransomware
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RIESGO
abrir
Referência19
watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
75RIESGO
abrir
Referência
CVE-2015-0313
CVE-2015-0313HIGHbajo ataque
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows
100RIESGO
abrir
Referência
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbit
35RIESGO
abrir
Referência
TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RIESGO
abrir
Referência
CVE-2017-6019
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830
35RIESGO
abrir
Referência
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbit
35RIESGO
abrir
Referência
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
Referência
CVE-2010-1472
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attac
43RIESGO
abrir
Referência
CVE-2010-2115
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted
50RIESGO
abrir
Referência
CVE-2019-5825
CVE-2019-5825MEDIUMbajo ataque
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.