Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
VMware View Planner Unauthenticated Log File Upload RCE
CVE-2021-2197802 mar 2021
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RIESGO
abrir
Metasploit300
Microsoft Exchange ProxyLogon Collector
CVE-2021-26855CRITICALbajo ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
Microsoft Exchange ProxyLogon RCE
CVE-2021-26855CRITICALbajo ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit300
Microsoft Exchange ProxyLogon Scanner
CVE-2021-26855CRITICALbajo ataqueransomware02 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27876HIGHbajo ataqueransomware01 mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27878HIGHbajo ataqueransomware01 mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27877HIGHbajo ataqueransomware01 mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RIESGO
abrir
Metasploit300
FortiLogger Arbitrary File Upload Exploit
CVE-2021-337826 feb 2021
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RIESGO
abrir
Metasploit300
Unified Remote Auth Bypass to RCE
CVE-2022-3229CRITICAL25 feb 2021
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication
55RIESGO
abrir
Metasploit600
IGEL OS Secure VNC/Terminal Command Injection RCE
CVE-2025-34082CRITICAL25 feb 2021
IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
63RIESGO
abrir
Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
CVE-2021-2528225 feb 2021
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable
40RIESGO
abrir
Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
CVE-2021-2528125 feb 2021
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel
40RIESGO
abrir
Metasploit300
Wifi Mouse RCE
CVE-2022-321825 feb 2021
Necta WiFi Mouse (Mouse Server) client-side authentication bypass
40RIESGO
abrir
Metasploit0
VMware vCenter Server Unauthenticated OVA File Upload RCE
CVE-2021-21972CRITICALbajo ataqueransomware23 feb 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RIESGO
abrir
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25296HIGHbajo ataque13 feb 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RIESGO
abrir
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25297HIGHbajo ataque13 feb 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
98RIESGO
abrir
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25298HIGHbajo ataque13 feb 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RIESGO
abrir
Metasploit200
Win32k ConsoleControl Offset Confusion
CVE-2021-1732HIGHbajo ataqueransomware09 feb 2021
Windows Win32k Elevation of Privilege Vulnerability
100RIESGO
abrir
Metasploit200
Win32k ConsoleControl Offset Confusion
CVE-2022-21882HIGHbajo ataque09 feb 2021
Win32k Elevation of Privilege Vulnerability
98RIESGO
abrir
Metasploit600
Advantech iView Unauthenticated Remote Code Execution
CVE-2021-2265209 feb 2021
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow a
30RIESGO
abrir
Metasploit600
Micro Focus Operations Bridge Reporter Unauthenticated Command Injection
CVE-2021-22502CRITICALbajo ataque09 feb 2021
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RIESGO
abrir
Metasploit600
NetMotion Mobility Server MvcUtil Java Deserialization
CVE-2021-2691408 feb 2021
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code
40RIESGO
abrir
Metasploit300
NCR Command Center Agent Remote Code Execution
CVE-2021-312207 feb 2021
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (wit
40RIESGO
abrir
Metasploit600
Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
CVE-2021-2414529 ene 2021
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RIESGO
abrir
Metasploit600
Sudo Heap-Based Buffer Overflow
CVE-2021-3156HIGHbajo ataque26 ene 2021
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
Metasploit600
Apache Druid 0.20.0 Remote Command Execution
CVE-2021-2564621 ene 2021
Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
60RIESGO
abrir
Metasploit600
Lucee Administrator imgProcess.cfm Arbitrary File Write
CVE-2021-21307HIGH15 ene 2021
Remote Code Exploit in Lucee Admin
78RIESGO
abrir
Metasploit600
Unauthenticated remote code execution in Ignition
CVE-2021-3129CRITICALbajo ataqueransomware13 ene 2021
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RIESGO
abrir
Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVE-2020-17132CRITICAL12 ene 2021
Microsoft Exchange Remote Code Execution Vulnerability
65RIESGO
abrir
Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVE-2020-16875HIGH12 ene 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.