Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Wordpress Plugin Catch Themes Demo Import RCE
CVE-2021-39352HIGH21 oct 2021
Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
48RIESGO
abrir
Metasploit400
Win32k NtGdiResetDC Use After Free Local Privilege Elevation
CVE-2021-40449HIGHbajo ataqueransomware12 oct 2021
Win32k Elevation of Privilege Vulnerability
100RIESGO
abrir
Metasploit600
WordPress Plugin Pie Register Auth Bypass to RCE
CVE-2025-34077CRITICAL08 oct 2021
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RIESGO
abrir
Metasploit300
WordPress Plugin Perfect Survey 1.5.1 SQLi (Unauthenticated)
CVE-2021-2476205 oct 2021
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RIESGO
abrir
Metasploit600
ManageEngine ADAudit Plus Authenticated File Write RCE
CVE-2021-4284701 oct 2021
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
40RIESGO
abrir
Metasploit600
Microsoft Office Word Malicious MSHTML RCE
CVE-2021-40444HIGHbajo ataqueransomware23 sep 2021
Microsoft MSHTML Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit0
VMware vCenter vScalation Priv Esc
CVE-2021-2201521 sep 2021
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
18RIESGO
abrir
Metasploit600
VMware vCenter Server Analytics (CEIP) Service File Upload
CVE-2021-22005CRITICALbajo ataqueransomware21 sep 2021
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RIESGO
abrir
Metasploit600
Hikvision IP Camera Unauthenticated Command Injection
CVE-2021-36260CRITICALbajo ataque18 sep 2021
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RIESGO
abrir
Metasploit300
Wordpress BulletProof Security Backup Disclosure
CVE-2021-39327MEDIUM17 sep 2021
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RIESGO
abrir
Metasploit600
ManageEngine ServiceDesk Plus CVE-2021-44077
CVE-2021-44077CRITICALbajo ataque16 sep 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RIESGO
abrir
Metasploit600
Microsoft OMI Management Interface Authentication Bypass
CVE-2021-38648HIGHbajo ataque14 sep 2021
Open Management Infrastructure Elevation of Privilege Vulnerability
91RIESGO
abrir
Metasploit600
Microsoft OMI Management Interface Authentication Bypass
CVE-2021-38647CRITICALbajo ataqueransomware14 sep 2021
Open Management Infrastructure Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
ManageEngine ADSelfService Plus CVE-2021-40539
CVE-2021-40539CRITICALbajo ataqueransomware07 sep 2021
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RIESGO
abrir
Metasploit300
Netgear PNPX_GetShareFolderList Authentication Bypass
CVE-2021-45511MEDIUM06 sep 2021
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021
33RIESGO
abrir
Metasploit300
WordPress Plugin Automatic Config Change to RCE
CVE-2021-4374CRITICAL06 sep 2021
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RIESGO
abrir
Metasploit600
Atlassian Confluence WebWork OGNL Injection
CVE-2021-26084CRITICALbajo ataqueransomware25 ago 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RIESGO
abrir
Metasploit300
Canon Driver Privilege Escalation
CVE-2021-3808507 ago 2021
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer pro
18RIESGO
abrir
Metasploit300
Pi-Hole Top Domains API Authenticated Exec
CVE-2021-32706HIGH04 ago 2021
(Authenticated) Remote Code Execution Possible in Web Interface 5.5
48RIESGO
abrir
Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
CVE-2020-2865326 jul 2021
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RIESGO
abrir
Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
CVE-2021-328726 jul 2021
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the
30RIESGO
abrir
Metasploit300
Elasticsearch Memory Disclosure
CVE-2021-2214521 jul 2021
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RIESGO
abrir
Metasploit300
Windows SAM secrets leak - HiveNightmare
CVE-2021-36934HIGHbajo ataque20 jul 2021
Windows Elevation of Privilege Vulnerability
98RIESGO
abrir
Metasploit300
Lexmark Driver Privilege Escalation
CVE-2021-3544915 jul 2021
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below,
18RIESGO
abrir
Metasploit600
Nagios XI Autodiscovery Webshell Upload
CVE-2021-3734315 jul 2021
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post au
23RIESGO
abrir
Metasploit300
Jetty WEB-INF File Disclosure
CVE-2021-34429MEDIUM15 jul 2021
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RIESGO
abrir
Metasploit300
Jetty WEB-INF File Disclosure
CVE-2021-28164MEDIUM15 jul 2021
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RIESGO
abrir
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33548HIGH08 jul 2021
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
48RIESGO
abrir
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33551HIGH08 jul 2021
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
48RIESGO
abrir
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33553HIGH08 jul 2021
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.