Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2021-25298
CVE-2021-25298HIGHbajo ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RIESGO
abrir
Referência
CVE-2026-9377
SourceCodester SUP Online Shopping productedit.php cross site scripting
33RIESGO
abrir
Referência
CVE-2026-23760
CVE-2026-23760CRITICALbajo ataqueransomware
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
100RIESGO
abrir
Referência
CVE-2012-2122
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x befor
60RIESGO
abrir
Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
Referência
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RIESGO
abrir
Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RIESGO
abrir
Referência
CVE-2022-24112
CVE-2022-24112CRITICALbajo ataque
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RIESGO
abrir
Referência
CVE-2022-24112
CVE-2022-24112CRITICALbajo ataque
apisix/batch-requests plugin allows overwriting the X-REAL-IP header
100RIESGO
abrir
Referência
CVE-2019-20085
CVE-2019-20085HIGHbajo ataque
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RIESGO
abrir
Referência
CVE-2019-20085
CVE-2019-20085HIGHbajo ataque
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RIESGO
abrir
Referência
D-Link DWL-2600AP - Multiple OS Command Injection
CVE-2019-20500HIGHbajo ataque
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configura
93RIESGO
abrir
Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RIESGO
abrir
Referência
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RIESGO
abrir
Referência
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RIESGO
abrir
Referência
CVE-2015-4852
CVE-2015-4852CRITICALbajo ataque
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RIESGO
abrir
Referência
CVE-2015-4852
CVE-2015-4852CRITICALbajo ataque
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RIESGO
abrir
Referência
CVE-2015-4852
CVE-2015-4852CRITICALbajo ataque
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RIESGO
abrir
Referência
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execu
60RIESGO
abrir
Referência
CVE-2014-3871
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds
23RIESGO
abrir
Referência
CVE-2019-10068
CVE-2019-10068CRITICALbajo ataque
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RIESGO
abrir
Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RIESGO
abrir
Referência
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RIESGO
abrir
Referência
CVE-2026-7228
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection
33RIESGO
abrir
Referência
CVE-2019-1652
CVE-2019-1652HIGHbajo ataque
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir
Referência
CVE-2019-1652
CVE-2019-1652HIGHbajo ataque
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir
Referência
CVE-2019-1652
CVE-2019-1652HIGHbajo ataque
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir
Referência
CVE-2019-1652
CVE-2019-1652HIGHbajo ataque
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir
Referência
CVE-2020-17530
CVE-2020-17530CRITICALbajo ataque
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.