Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2018-14933
CVE-2018-14933CRITICALbajo ataque
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RIESGO
abrir
Referência
CVE-2013-0632
CVE-2013-0632CRITICALbajo ataque
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and pos
100RIESGO
abrir
Referência
CVE-2015-5122
CVE-2015-5122HIGHbajo ataque
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
100RIESGO
abrir
Referência
CVE-2015-5122
CVE-2015-5122HIGHbajo ataque
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
100RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Referência
CVE-2023-36845
CVE-2023-36845CRITICALbajo ataque
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RIESGO
abrir
Referência
CVE-2023-36845
CVE-2023-36845CRITICALbajo ataque
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RIESGO
abrir
Referência
CVE-2021-44077
CVE-2021-44077CRITICALbajo ataque
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RIESGO
abrir
Referência
CVE-2020-8617
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
78RIESGO
abrir
Referência
CVE-2026-7219
Totolink N300RT formIpQoS buffer overflow
41RIESGO
abrir
Referência
CVE-2026-7218
Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow
41RIESGO
abrir
Referência
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RIESGO
abrir
Referência
CVE-2018-10561
CVE-2018-10561CRITICALbajo ataque
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images
100RIESGO
abrir
Referência
CVE-2017-0143
CVE-2017-0143HIGHbajo ataqueransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Referência
CVE-2017-0143
CVE-2017-0143HIGHbajo ataqueransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Referência
CVE-2017-0143
CVE-2017-0143HIGHbajo ataqueransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Referência
CVE-2017-0143
CVE-2017-0143HIGHbajo ataqueransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Referência
CVE-2017-0143
CVE-2017-0143HIGHbajo ataqueransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Referência25
watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819
CVE-2025-57819CRITICALbajo ataque
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
Referência
CVE-2018-14912
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned
60RIESGO
abrir
Referência
CVE-2020-5849
CVE-2020-5849HIGHbajo ataque
Unraid 6.8.0 allows authentication bypass.
100RIESGO
abrir
Referência
CVE-2016-4437
CVE-2016-4437CRITICALbajo ataque
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RIESGO
abrir
Referência
CVE-2016-4437
CVE-2016-4437CRITICALbajo ataque
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.