Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Cisco HyperFlex HX Data Platform Command Execution
CVE-2021-1498CRITICALbajo ataque05 may 2021
Cisco HyperFlex HX Command Injection Vulnerabilities
100RIESGO
abrir
Metasploit600
Cisco HyperFlex HX Data Platform Command Execution
CVE-2021-1497CRITICALbajo ataque05 may 2021
Cisco HyperFlex HX Command Injection Vulnerabilities
100RIESGO
abrir
Metasploit400
Dell DBUtil_2_3.sys IOCTL memmove
CVE-2021-21551HIGHbajo ataque04 may 2021
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile
98RIESGO
abrir
Metasploit600
Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
CVE-2021-2415504 may 2021
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RIESGO
abrir
Metasploit400
SuiteCRM Log File Remote Code Execution
CVE-2021-4284028 abr 2021
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumsta
50RIESGO
abrir
Metasploit400
SuiteCRM Log File Remote Code Execution
CVE-2020-2832828 abr 2021
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RIESGO
abrir
Metasploit600
Git LFS Clone Command Exec
CVE-2021-21300HIGH26 abr 2021
malicious repositories can execute remote code while cloning
58RIESGO
abrir
Metasploit300
Netgear R7000 backup.cgi Heap Overflow RCE
CVE-2021-3180221 abr 2021
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without au
23RIESGO
abrir
Metasploit500
Pi-Hole Remove Commands Linux Priv Esc
CVE-2021-29449MEDIUM20 abr 2021
Multiple Privilege Escalation Vulnerabilities Pihole
28RIESGO
abrir
Metasploit300
Apache Tapestry HMAC secret key leak
CVE-2021-2785015 abr 2021
Bypass of the fix for CVE-2019-0195
60RIESGO
abrir
Metasploit600
GitLab Unauthenticated Remote ExifTool Command Injection
CVE-2021-22205CRITICALbajo ataqueransomware14 abr 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RIESGO
abrir
Metasploit600
GitLab Unauthenticated Remote ExifTool Command Injection
CVE-2021-22204MEDIUMbajo ataque14 abr 2021
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RIESGO
abrir
Metasploit0
Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE
CVE-2021-21220HIGHbajo ataque13 abr 2021
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RIESGO
abrir
Metasploit300
Cockpit CMS NoSQLi to RCE
CVE-2020-3584713 abr 2021
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RIESGO
abrir
Metasploit300
Cockpit CMS NoSQLi to RCE
CVE-2020-3584613 abr 2021
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
40RIESGO
abrir
Metasploit500
2021 Ubuntu Overlayfs LPE
CVE-2021-3493HIGHbajo ataque12 abr 2021
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RIESGO
abrir
Metasploit600
Cisco Small Business RV Series Authentication Bypass and Command Injection
CVE-2021-1473MEDIUM07 abr 2021
Cisco Small Business RV Series Routers Vulnerabilities
40RIESGO
abrir
Metasploit600
Cisco Small Business RV Series Authentication Bypass and Command Injection
CVE-2021-1472MEDIUM07 abr 2021
Cisco Small Business RV Series Routers Vulnerabilities
50RIESGO
abrir
Metasploit600
Microsoft Exchange ProxyShell RCE
CVE-2021-34523CRITICALbajo ataqueransomware06 abr 2021
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RIESGO
abrir
Metasploit600
Microsoft Exchange ProxyShell RCE
CVE-2021-34473CRITICALbajo ataqueransomware06 abr 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
Microsoft Exchange ProxyShell RCE
CVE-2021-31207MEDIUMbajo ataqueransomware06 abr 2021
Microsoft Exchange Server Security Feature Bypass Vulnerability
100RIESGO
abrir
Metasploit600
VMware vRealize Operations (vROps) Manager SSRF RCE
CVE-2021-2198330 mar 2021
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authent
50RIESGO
abrir
Metasploit600
VMware vRealize Operations (vROps) Manager SSRF RCE
CVE-2021-21975HIGHbajo ataqueransomware30 mar 2021
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RIESGO
abrir
Metasploit300
GravCMS Remote Command Execution
CVE-2021-21425CRITICAL29 mar 2021
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RIESGO
abrir
Metasploit0
macOS Gatekeeper check bypass
CVE-2021-30657MEDIUMbajo ataque25 mar 2021
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2
90RIESGO
abrir
Metasploit0
macOS Gatekeeper check bypass
CVE-2022-2261625 mar 2021
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey
18RIESGO
abrir
Metasploit600
Apache OFBiz SOAP Java Deserialization
CVE-2021-2629522 mar 2021
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
60RIESGO
abrir
Metasploit600
rConfig Vendors Auth File Upload RCE
CVE-2022-44384HIGH17 mar 2021
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP fi
36RIESGO
abrir
Metasploit600
F5 iControl REST Unauthenticated SSRF Token Generation RCE
CVE-2021-22986CRITICALbajo ataqueransomware10 mar 2021
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RIESGO
abrir
Metasploit600
Microsoft Exchange ProxyLogon RCE
CVE-2021-27065HIGHbajo ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.