Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2026-7096
Tenda HG3 formgponConf os command injection
41RIESGO
abrir
Referência
CVE-2026-7095
code-projects Employee Management System edit.php cross site scripting
33RIESGO
abrir
Referência
CVE-2026-7094
ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery
33RIESGO
abrir
Referência
CVE-2020-28949
CVE-2020-28949HIGHbajo ataque
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RIESGO
abrir
Referência
CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
60RIESGO
abrir
Referência
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RIESGO
abrir
Referência
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RIESGO
abrir
Referência
CVE-2018-17431
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RIESGO
abrir
Referência
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
ingress-nginx controller - configuration injection via unsanitized mirror annotations
78RIESGO
abrir
Referência
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RIESGO
abrir
Referência
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RIESGO
abrir
Referência
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RIESGO
abrir
Referência
CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RIESGO
abrir
Referência
CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RIESGO
abrir
Referência
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RIESGO
abrir
Referência
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RIESGO
abrir
Referência
CVE-2017-0213
CVE-2017-0213HIGHbajo ataqueransomware
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Ser
93RIESGO
abrir
Referência
CVE-2014-0780
CVE-2014-0780CRITICALbajo ataque
InduSoft Web Studio Path Traversal
100RIESGO
abrir
Referência
CVE-2017-8759
CVE-2017-8759HIGHbajo ataque
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely vi
93RIESGO
abrir
Referência
CVE-2022-24990
CVE-2022-24990CRITICALbajo ataqueransomware
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agen
100RIESGO
abrir
Referência
CVE-2020-5722
CVE-2020-5722CRITICALbajo ataque
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RIESGO
abrir
Referência
CVE-2020-5722
CVE-2020-5722CRITICALbajo ataque
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RIESGO
abrir
Referência
CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions pre
60RIESGO
abrir
Referência
CVE-2018-17463
CVE-2018-17463HIGHbajo ataque
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RIESGO
abrir
Referência
CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable fil
60RIESGO
abrir
Referência
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nod
45RIESGO
abrir
Referência
CVE-2020-11023
CVE-2020-11023MEDIUMbajo ataque
Potential XSS vulnerability in jQuery
85RIESGO
abrir
Referência
CVE-2019-1620
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RIESGO
abrir
Referência
CVE-2019-1620
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RIESGO
abrir
Referência
CVE-2015-3035
CVE-2015-3035HIGHbajo ataque
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.