Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticat
23RIESGO
abrir ↗Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RIESGO
abrir ↗Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RIESGO
abrir ↗Exploit-DB
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
23RIESGO
abrir ↗Exploit-DB
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS
23RIESGO
abrir ↗Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir ↗Exploit-DB
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
28RIESGO
abrir ↗Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RIESGO
abrir ↗Exploit-DB
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbi
23RIESGO
abrir ↗Exploit-DB
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS
76RIESGO
abrir ↗Exploit-DB
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter
23RIESGO
abrir ↗Exploit-DB
CMS Made Simple < 2.2.10 - SQL Injection
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗Exploit-DB
LimeSurvey < 3.16 - Remote Code Execution
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar://
28RIESGO
abrir ↗Exploit-DB
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RIESGO
abrir ↗Exploit-DB
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and loca
28RIESGO
abrir ↗Exploit-DB
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RIESGO
abrir ↗Exploit-DB
i-doit 1.12 - 'qr.php' Cross-Site Scripting
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
23RIESGO
abrir ↗Exploit-DB
Fat Free CRM 0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to th
23RIESGO
abrir ↗Exploit-DB
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check
28RIESGO
abrir ↗Exploit-DB
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RIESGO
abrir ↗Exploit-DB
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects w
28RIESGO
abrir ↗Exploit-DB
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
Rukovoditel before 2.4.1 allows XSS.
23RIESGO
abrir ↗Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately
23RIESGO
abrir ↗Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Manageme
28RIESGO
abrir ↗Exploit-DB
Canarytokens 2019-03-01 - Detection Bypass
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timesta
28RIESGO
abrir ↗Exploit-DB
Rails 5.2.1 - Arbitrary File Content Disclosure
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where spe
100RIESGO
abrir ↗Exploit-DB
DVD X Player 5.5.3 - '.plf' Buffer Overflow
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
23RIESGO
abrir ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnera
23RIESGO
abrir ↗Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpag
23RIESGO
abrir ↗Exploit-DB
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.