Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
TAR Path Traversal in Zimbra (CVE-2022-41352)
CVE-2022-41352CRITICALbajo ataque28 jun 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through ama
100RIESGO
abrir
Metasploit600
Advantech iView NetworkServlet Command Injection
CVE-2022-2143CRITICAL28 jun 2022
Advantech iView
75RIESGO
abrir
Metasploit600
UnRAR Path Traversal in Zimbra (CVE-2022-30333)
CVE-2022-30333HIGHbajo ataqueransomware28 jun 2022
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RIESGO
abrir
Metasploit600
UnRAR Path Traversal (CVE-2022-30333)
CVE-2022-30333HIGHbajo ataqueransomware28 jun 2022
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) o
100RIESGO
abrir
Metasploit600
Zoho Password Manager Pro XML-RPC Java Deserialization
CVE-2022-35405CRITICALbajo ataque24 jun 2022
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code
100RIESGO
abrir
Metasploit600
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
CVE-2022-20828MEDIUM22 jun 2022
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
40RIESGO
abrir
Metasploit600
Zyxel Firewall SUID Binary Privilege Escalation
CVE-2022-30526HIGH14 jun 2022
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 t
36RIESGO
abrir
Metasploit600
Atlassian Confluence Namespace OGNL Injection
CVE-2022-26134CRITICALbajo ataqueransomware02 jun 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RIESGO
abrir
Metasploit600
Microsoft Office Word MSDTJS
CVE-2022-30190HIGHbajo ataqueransomware29 may 2022
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit300
SuiteCRM authenticated SQL injection in export functionality
CVE-2023-5350MEDIUM24 may 2022
SQL Injection in salesagility/suitecrm
28RIESGO
abrir
Metasploit600
Gitea Git Fetch Remote Code Execution
CVE-2022-3078116 may 2022
Gitea before 1.16.7 does not escape git fetch remote.
60RIESGO
abrir
Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
CVE-2022-37042CRITICALbajo ataqueransomware10 may 2022
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi
100RIESGO
abrir
Metasploit600
Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
CVE-2022-27925HIGHbajo ataqueransomware10 may 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts file
100RIESGO
abrir
Metasploit300
Icingaweb Directory Traversal in Static Library File Requests
CVE-2022-24716HIGH09 may 2022
Path traversal in Icinga Web 2
78RIESGO
abrir
Metasploit600
F5 BIG-IP iControl RCE via REST Authentication Bypass
CVE-2022-1388CRITICALbajo ataqueransomware04 may 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
100RIESGO
abrir
Metasploit600
DotCMS RCE via Arbitrary File Upload.
CVE-2022-26352CRITICALbajo ataqueransomware03 may 2022
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form req
100RIESGO
abrir
Metasploit600
Zyxel Firewall ZTP Unauthenticated Command Injection
CVE-2022-30525CRITICALbajo ataque28 abr 2022
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
100RIESGO
abrir
Metasploit600
ZoneMinder Language Settings Remote Code Execution
CVE-2022-2980627 abr 2022
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an
30RIESGO
abrir
Metasploit600
Tatsu Wordpress Plugin RCE
CVE-2021-2509425 abr 2022
Tatsu < 3.3.12 - Unauthenticated RCE
60RIESGO
abrir
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34878MEDIUM19 abr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.
28RIESGO
abrir
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34877MEDIUM19 abr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.
28RIESGO
abrir
Metasploit300
VICIdial Multiple Authenticated SQLi
CVE-2022-34876MEDIUM19 abr 2022
VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerability at /vicidial/admin.php.
28RIESGO
abrir
Metasploit300
VMware vCenter Secrets Dump
CVE-2022-22948MEDIUMbajo ataque15 abr 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious act
83RIESGO
abrir
Metasploit600
ManageEngine ADSelfService Plus Custom Script Execution
CVE-2022-28810MEDIUMbajo ataque09 abr 2022
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary
100RIESGO
abrir
Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
CVE-2022-2295606 abr 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
30RIESGO
abrir
Metasploit600
VMware Workspace ONE Access CVE-2022-22954
CVE-2022-22954CRITICALbajo ataqueransomware06 abr 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
100RIESGO
abrir
Metasploit400
VMware Workspace ONE Access CVE-2022-22960
CVE-2022-22960HIGHbajo ataque06 abr 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RIESGO
abrir
Metasploit600
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
CVE-2022-2295706 abr 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
23RIESGO
abrir
Metasploit600
Dompdf RCE via Malicious Font Caching (CVE-2022-28368)
CVE-2022-2836805 abr 2022
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RIESGO
abrir
Metasploit400
ALLMediaServer 1.6 SEH Buffer Overflow
CVE-2022-2838101 abr 2022
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrar
30RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.