Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Camaleon CMS Directory Traversal CVE-2024-46987
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir ↗Metasploit500
Asterisk AMI Originate Authenticated RCE
Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
36RIESGO
abrir ↗Metasploit300
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remo
100RIESGO
abrir ↗Metasploit600
Calibre Python Code Injection (CVE-2024-6782)
Calibre Remote Code Execution
85RIESGO
abrir ↗Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RIESGO
abrir ↗Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir ↗Metasploit600
Acronis Cyber Infrastructure default password remote code execution
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastruct
85RIESGO
abrir ↗Metasploit300
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RIESGO
abrir ↗Metasploit600
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
ProjectSend Unauthenticated Configuration Modification
100RIESGO
abrir ↗Metasploit600
Authenticated RCE in Splunk (splunk_archiver app)
Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
36RIESGO
abrir ↗Metasploit600
Geoserver unauthenticated Remote Code Execution
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir ↗Metasploit300
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
MOVEit Transfer Authentication Bypass Vulnerability
85RIESGO
abrir ↗Metasploit300
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)
65RIESGO
abrir ↗Metasploit500
vCenter Sudo Privilege Escalation
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An auth
36RIESGO
abrir ↗Metasploit300
Magento XXE Unserialize Arbitrary File Read
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir ↗Metasploit600
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
Win32k Elevation of Privilege Vulnerability
36RIESGO
abrir ↗Metasploit600
Windows Access Mode Mismatch LPE in ks.sys
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RIESGO
abrir ↗Metasploit600
PHP CGI Argument Injection Remote Code Execution
Argument Injection in PHP-CGI
100RIESGO
abrir ↗Metasploit300
Telerik Report Server Auth Bypass
Registration Authentication Bypass Vulnerability
100RIESGO
abrir ↗Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
Registration Authentication Bypass Vulnerability
100RIESGO
abrir ↗Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
Progress Telerik Report Server Deserialization
55RIESGO
abrir ↗Metasploit0
macOS PackageKit ZSH Environment Privilege Escalation
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to
36RIESGO
abrir ↗Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
Apache OFBiz: Path traversal leading to RCE
100RIESGO
abrir ↗Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
100RIESGO
abrir ↗Metasploit600
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RIESGO
abrir ↗Metasploit300
Ivanti EPM RecordGoodApp SQLi RCE
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated att
100RIESGO
abrir ↗Metasploit600
WordPress Hash Form Plugin RCE
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
75RIESGO
abrir ↗Metasploit600
Atlassian Confluence Administrator Code Macro Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RIESGO
abrir ↗Metasploit600
Cacti Import Packages RCE
Cacti RCE vulnerability when importing packages
85RIESGO
abrir ↗Metasploit600
DIAEnergie SQL Injection (CVE-2024-4548)
Delta Electronics DIAEnergie SQL Injection
48RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.