Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in
33RIESGO
abrir ↗Exploit-DB
Linux Kernel 6.2 - Userspace Processes To Enable Mitigation
Spectre v2 SMT mitigations problem in Linux kernel
33RIESGO
abrir ↗Exploit-DB
Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)
Microsoft Word Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
GDidees CMS 3.9.1 - Local File Disclosure
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RIESGO
abrir ↗Exploit-DB
Bang Resto v1.0 - 'Multiple' SQL Injection
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice
41RIESGO
abrir ↗Exploit-DB
File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan
48RIESGO
abrir ↗Exploit-DB
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
SourceCodester Online Computer and Laptop Store index.php unrestricted upload
33RIESGO
abrir ↗Exploit-DB
Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
41RIESGO
abrir ↗Exploit-DB
Paradox Security Systems IPR512 - Denial Of Service
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and l
53RIESGO
abrir ↗Exploit-DB
pfsenseCE v2.6.0 - Anti-brute force protection bypass
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22
48RIESGO
abrir ↗Exploit-DB
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
Microsoft Excel Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
An authenticated user can embed malicious content with XSS into the admin group policy page.
33RIESGO
abrir ↗Exploit-DB
FortiRecorder 6.4.3 - Denial of Service
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below
33RIESGO
abrir ↗Exploit-DB
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Manageme
33RIESGO
abrir ↗Exploit-DB
Adobe Connect 11.4.5 - Local File Disclosure
Adobe Connect Improper Access Control Security feature bypass
70RIESGO
abrir ↗Exploit-DB
Altenergy Power Control Software C1.2.5 - OS command injection
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/managemen
60RIESGO
abrir ↗Exploit-DB
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions
100RIESGO
abrir ↗Exploit-DB
ENTAB ERP 1.0 - Username PII leak
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames
33RIESGO
abrir ↗Exploit-DB
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
33RIESGO
abrir ↗Exploit-DB
Suprema BioStar 2 v2.8.16 - SQL Injection
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/abs
33RIESGO
abrir ↗Exploit-DB
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RIESGO
abrir ↗Exploit-DB
RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Wi
23RIESGO
abrir ↗Exploit-DB
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via
33RIESGO
abrir ↗Exploit-DB
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability v
33RIESGO
abrir ↗Exploit-DB
Joomla! v4.2.8 - Unauthenticated information disclosure
[20230201] - Core - Improper access check in webservice endpoints
100RIESGO
abrir ↗Exploit-DB
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
Fortra GoAnywhere MFT License Response Servlet Command Injection
100RIESGO
abrir ↗Exploit-DB
Wondershare Dr Fone 12.9.6 - Privilege Escalation
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability all
41RIESGO
abrir ↗Exploit-DB
NotrinosERP 0.7 - Authenticated Blind SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/s
23RIESGO
abrir ↗Exploit-DB
MAC 1200R - Directory Traversal
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-stati
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.