Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Froxlor Log Path RCE
CVE-2023-0315HIGH29 ene 2023
Command Injection in froxlor/froxlor
78RIESGO
abrir
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31706CRITICAL24 ene 2023
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject fi
85RIESGO
abrir
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31711MEDIUM24 ene 2023
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sen
53RIESGO
abrir
Metasploit600
VMware vRealize Log Insight Unauthenticated RCE
CVE-2022-31704CRITICAL24 ene 2023
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely
85RIESGO
abrir
Metasploit600
Sudoedit Extra Arguments Priv Esc
CVE-2023-22809HIGH18 ene 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RIESGO
abrir
Metasploit600
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
CVE-2023-21839HIGHbajo ataque17 ene 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RIESGO
abrir
Metasploit600
pyLoad js2py Python Execution
CVE-2023-0297CRITICAL13 ene 2023
Code Injection in pyload/pyload
85RIESGO
abrir
Metasploit300
Wordpress Paid Membership Pro code Unauthenticated SQLi
CVE-2023-23488CRITICAL12 ene 2023
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RIESGO
abrir
Metasploit600
ManageEngine Endpoint Central Unauthenticated SAML RCE
CVE-2022-47966CRITICALbajo ataqueransomware10 ene 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir
Metasploit600
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
CVE-2022-47966CRITICALbajo ataqueransomware10 ene 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir
Metasploit600
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
CVE-2022-47966CRITICALbajo ataqueransomware10 ene 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due
100RIESGO
abrir
Metasploit600
Ancillary Function Driver (AFD) for WinSock Elevation of Privilege
CVE-2023-21768HIGH10 ene 2023
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir
Metasploit600
Jorani unauthenticated Remote Code Execution
CVE-2023-2646906 ene 2023
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
60RIESGO
abrir
Metasploit600
CWP login.php Unauthenticated RCE
CVE-2022-44877CRITICALbajo ataque05 ene 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RIESGO
abrir
Metasploit400
SugarCRM unauthenticated Remote Code Execution (RCE)
CVE-2023-22952HIGHbajo ataque28 dic 2022
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because o
100RIESGO
abrir
Metasploit600
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
CVE-2022-46689HIGH17 dic 2022
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macO
68RIESGO
abrir
Metasploit600
Cacti 1.2.22 unauthenticated command injection
CVE-2022-46169CRITICALbajo ataque05 dic 2022
Unauthenticated Command Injection
100RIESGO
abrir
Metasploit300
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit
CVE-2022-46770HIGH04 dic 2022
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984722 nov 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to i
30RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984822 nov 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RIESGO
abrir
Metasploit600
VSCode ipynb Remote Development RCE
CVE-2022-41034HIGH22 nov 2022
Visual Studio Code Remote Code Execution Vulnerability
48RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984522 nov 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke
18RIESGO
abrir
Metasploit0
WhatsUp Gold Credentials Dump
CVE-2022-2984622 nov 2022
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obt
18RIESGO
abrir
Metasploit600
F5 BIG-IP iControl Authenticated RCE via RPM Creator
CVE-2022-41800HIGH16 nov 2022
Appliance mode iControl REST vulnerability
68RIESGO
abrir
Metasploit600
F5 BIG-IP iControl CSRF File Write SOAP API
CVE-2022-41622HIGH16 nov 2022
iControl SOAP vulnerability
58RIESGO
abrir
Metasploit600
Bitbucket Environment Variable RCE
CVE-2022-43781CRITICAL16 nov 2022
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker
65RIESGO
abrir
Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-38121MEDIUM10 nov 2022
POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials
28RIESGO
abrir
Metasploit300
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-38120MEDIUM10 nov 2022
POWERCOM CO., LTD. UPSMON PRO - Path Traversal
28RIESGO
abrir
Metasploit400
Lenovo Diagnostics Driver IOCTL memmove
CVE-2022-3699HIGH09 nov 2022
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo
56RIESGO
abrir
Metasploit600
Acronis Cyber Protect/Backup remote code execution
CVE-2022-3405CRITICAL08 nov 2022
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following
43RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.