Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Ollama Model Registry Path Traversal RCE
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RIESGO
abrir ↗Metasploit600
Flowmon Unauthenticated Command Injection
Flowmon Unauthenticated Command Injection Vulnerability
85RIESGO
abrir ↗Metasploit600
Apache HugeGraph Gremlin RCE
Apache HugeGraph-Server: Command execution in gremlin
100RIESGO
abrir ↗Metasploit600
FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS versio
100RIESGO
abrir ↗Metasploit600
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir ↗Metasploit300
Netdata ndsudo privilege escalation
ndsudo: local privilege escalation via untrusted search path
36RIESGO
abrir ↗Metasploit600
Chaos RAT XSS to RCE
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via th
28RIESGO
abrir ↗Metasploit600
AVideo WWBNIndex Plugin Unauthenticated RCE
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath
68RIESGO
abrir ↗Metasploit600
pgAdmin Binary Path API RCE
Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
48RIESGO
abrir ↗Metasploit600
Kemp LoadMaster Local sudo privilege escalation
LoadMaster Pre-Authenticated OS Command Injection
100RIESGO
abrir ↗Metasploit600
Kemp LoadMaster Unauthenticated Command Injection
LoadMaster Pre-Authenticated OS Command Injection
100RIESGO
abrir ↗Metasploit600
Progress Flowmon Local sudo privilege escalation
Flowmon Unauthenticated Command Injection Vulnerability
85RIESGO
abrir ↗Metasploit600
Gibbon School Platform Authenticated PHP Deserialization Vulnerability
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POS
48RIESGO
abrir ↗Metasploit600
RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.
RaspberryMatic Unauthenticated Remote Code Execution vulnerability through HMServer File Upload
43RIESGO
abrir ↗Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
48RIESGO
abrir ↗Metasploit600
OpenMetadata authentication bypass and SpEL injection exploit chain
Authentication Bypass in OpenMetadata
85RIESGO
abrir ↗Metasploit600
Ghostscript Command Execution via Format String
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with
33RIESGO
abrir ↗Metasploit600
WordPress wp-automatic Plugin SQLi Admin Creation
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
85RIESGO
abrir ↗Metasploit300
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
ColdFusion | Improper Access Control (CWE-284)
100RIESGO
abrir ↗Metasploit600
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code
58RIESGO
abrir ↗Metasploit600
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
85RIESGO
abrir ↗Metasploit600
JetBrains TeamCity Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir ↗Metasploit600
Judge0 sandbox escape
Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
43RIESGO
abrir ↗Metasploit600
Judge0 sandbox escape
Judge0 vulnerable to Sandbox Escape via Symbolic Link
43RIESGO
abrir ↗Metasploit600
pgAdmin Session Deserialization RCE
Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4
65RIESGO
abrir ↗Metasploit600
Apache Solr Backup/Restore APIs RCE
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
58RIESGO
abrir ↗Metasploit600
Unauthenticated RCE in Bricks Builder Theme
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RIESGO
abrir ↗Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RIESGO
abrir ↗Metasploit600
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Authentication bypass using an alternate path or channel
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.