Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi
CVE-2023-47218MEDIUM13 feb 2024
QTS, QuTS hero, QuTScloud
70RIESGO
abrir
Metasploit300
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
CVE-2024-1071CRITICAL10 feb 2024
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi
85RIESGO
abrir
Metasploit300
Rancher Audit Log Sensitive Information Leak
CVE-2023-22649HIGH08 feb 2024
Rancher 'Audit Log' leaks sensitive information
36RIESGO
abrir
Metasploit600
runc (docker) File Descriptor Leak Privilege Escalation
CVE-2024-21626HIGH31 ene 2024
runc container breakout through process.cwd trickery and leaked fds
61RIESGO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2024-21887CRITICALbajo ataqueransomware31 ene 2024
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RIESGO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2024-21893HIGHbajo ataqueransomware31 ene 2024
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RIESGO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2023-36661HIGH31 ene 2024
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyIn
36RIESGO
abrir
Metasploit300
GitLab Tags RSS feed email disclosure
CVE-2023-5612MEDIUM25 ene 2024
Missing Authorization in GitLab
28RIESGO
abrir
Metasploit300
Zyxel parse_config.py Command Injection
CVE-2023-33012HIGH24 ene 2024
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
41RIESGO
abrir
Metasploit300
Jenkins cli Ampersand Replacement Arbitrary File Read
CVE-2024-23897CRITICALbajo ataqueransomware24 ene 2024
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
Metasploit600
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
CVE-2024-0204CRITICAL22 ene 2024
Authentication Bypass in GoAnywhere MFT
85RIESGO
abrir
Metasploit600
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
CVE-2024-23759CRITICAL19 ene 2024
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" paramete
55RIESGO
abrir
Metasploit600
Atlassian Confluence SSTI Injection
CVE-2023-22527CRITICALbajo ataqueransomware16 ene 2024
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated atta
100RIESGO
abrir
Metasploit300
GitLab Password Reset Account Takeover
CVE-2023-7028CRITICALbajo ataque11 ene 2024
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RIESGO
abrir
Metasploit600
Netis router MW5360 unauthenticated RCE.
CVE-2024-22729CRITICAL11 ene 2024
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RIESGO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2023-46805HIGHbajo ataqueransomware10 ene 2024
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a re
100RIESGO
abrir
Metasploit300
Wordpress POST SMTP Account Takeover
CVE-2023-6875CRITICAL10 ene 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
85RIESGO
abrir
Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVE-2024-21887CRITICALbajo ataqueransomware10 ene 2024
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RIESGO
abrir
Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
CVE-2023-710224 dic 2023
Remote Code Execution (RCE) Vulnerability
30RIESGO
abrir
Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
CVE-2023-7101HIGHbajo ataque24 dic 2023
Arbitrary Code Execution (ACE) Vulnerability
71RIESGO
abrir
Metasploit600
Cacti RCE via SQLi in pollers.php
CVE-2023-49084HIGH20 dic 2023
Local File Inclusion (RCE) in Cacti
48RIESGO
abrir
Metasploit600
Cacti RCE via SQLi in pollers.php
CVE-2023-49085HIGH20 dic 2023
Cacti SQL Injection vulnerability
58RIESGO
abrir
Metasploit600
MajorDoMo Command Injection
CVE-2023-5091715 dic 2023
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE:
50RIESGO
abrir
Metasploit600
WordPress Backup Migration Plugin PHP Filter Chain RCE
CVE-2023-6553CRITICAL11 dic 2023
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
CVE-2023-50445HIGH10 dic 2023
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000
36RIESGO
abrir
Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
CVE-2023-50919CRITICAL10 dic 2023
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string
75RIESGO
abrir
Metasploit600
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
CVE-2023-4220HIGH28 nov 2023
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RIESGO
abrir
Metasploit600
Splunk Authenticated XSLT Upload RCE
CVE-2023-46214HIGH28 nov 2023
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
58RIESGO
abrir
Metasploit300
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
CVE-2023-6329CRITICAL27 nov 2023
Control iD iDSecure passwordCustom Authentication Bypass
75RIESGO
abrir
Metasploit600
WordPress Royal Elementor Addons RCE
CVE-2023-536023 nov 2023
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.