Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
48RIESGO
abrir ↗Metasploit400
Apache Superset Signed Cookie RCE
Apache Superset: Possible Unauthorized Registration of SQLite Database Connections
45RIESGO
abrir ↗Metasploit400
Apache Superset Signed Cookie RCE
Apache Superset: Metadata db write access can lead to remote code execution
53RIESGO
abrir ↗Metasploit400
Apache Superset Signed Cookie RCE
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir ↗Metasploit600
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key g
75RIESGO
abrir ↗Metasploit600
LG Simple Editor Remote Code Execution
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability
65RIESGO
abrir ↗Metasploit600
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir ↗Metasploit600
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an
100RIESGO
abrir ↗Metasploit300
ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
55RIESGO
abrir ↗Metasploit600
Junos OS PHPRC Environment Variable Manipulation RCE
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RIESGO
abrir ↗Metasploit300
ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
58RIESGO
abrir ↗Metasploit600
Ivanti Avalanche MDM Buffer Overflow
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disrup
78RIESGO
abrir ↗Metasploit600
PRTG CVE-2023-32781 Authenticated RCE
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an au
23RIESGO
abrir ↗Metasploit600
CrushFTP Unauthenticated RCE
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes
60RIESGO
abrir ↗Metasploit600
LG Simple Editor Command Injection (CVE-2023-40504)
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability
65RIESGO
abrir ↗Metasploit600
Eramba (up to 3.19.1) Authenticated Remote Code Execution Module
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrar
30RIESGO
abrir ↗Metasploit600
RaspAP Unauthenticated Command Injection
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary comma
60RIESGO
abrir ↗Metasploit600
Maltrail Unauthenticated Command Injection
stamparm/maltrail <=0.54 Remote Command Execution
63RIESGO
abrir ↗Metasploit600
Greenshot .NET Deserialization Fileformat Exploit
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .green
38RIESGO
abrir ↗Metasploit300
GameOver(lay) Privilege Escalation and Container Escape
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks
56RIESGO
abrir ↗Metasploit300
GameOver(lay) Privilege Escalation and Container Escape
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlay
61RIESGO
abrir ↗Metasploit600
Metabase Setup Token RCE
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RIESGO
abrir ↗Metasploit300
Citrix ADC (NetScaler) Forms SSO Target RCE
Unauthenticated remote code execution
100RIESGO
abrir ↗Metasploit600
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header t
50RIESGO
abrir ↗Metasploit600
Sonicwall
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and
58RIESGO
abrir ↗Metasploit600
Sonicwall
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the
18RIESGO
abrir ↗Metasploit600
Sonicwall
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GM
58RIESGO
abrir ↗Metasploit600
Sonicwall
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authenticatio
75RIESGO
abrir ↗Metasploit600
Microsoft Error Reporting Local Privilege Elevation Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
98RIESGO
abrir ↗Metasploit600
OpenTSDB 2.4.1 unauthenticated command injection
Remote Code Execution in OpenTSDB
68RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.