Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
WordPress Loginizer log SQLi Scanner
CVE-2020-2761521 oct 2020
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_fa
30RIESGO
abrir
Metasploit600
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
CVE-2020-579120 oct 2020
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admi
60RIESGO
abrir
Metasploit600
NSClient++ 0.5.2.35 - Privilege escalation
CVE-2025-34078HIGH20 oct 2020
NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
36RIESGO
abrir
Metasploit300
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
CVE-2020-14871CRITICALbajo ataque20 oct 2020
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RIESGO
abrir
Metasploit600
Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection
CVE-2020-579220 oct 2020
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user
30RIESGO
abrir
Metasploit600
NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution
CVE-2025-34079HIGH20 oct 2020
NSClient++ Authenticated Remote Code Execution via ExternalScripts API
36RIESGO
abrir
Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
CVE-2020-14750CRITICALbajo ataque20 oct 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RIESGO
abrir
Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
CVE-2020-14883HIGHbajo ataque20 oct 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RIESGO
abrir
Metasploit600
Oracle WebLogic Server Administration Console Handle RCE
CVE-2020-14882CRITICALbajo ataque20 oct 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RIESGO
abrir
Metasploit600
Microsoft SharePoint Server-Side Include and ViewState RCE
CVE-2020-16952HIGH13 oct 2020
Microsoft SharePoint Remote Code Execution Vulnerability
58RIESGO
abrir
Metasploit600
Gitea Git Hooks Remote Code Execution
CVE-2020-1414407 oct 2020
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer envir
40RIESGO
abrir
Metasploit600
Gogs Git Hooks Remote Code Execution
CVE-2020-1586707 oct 2020
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privile
40RIESGO
abrir
Metasploit300
SAP Solution Manager remote unauthorized OS commands execution
CVE-2020-6207CRITICALbajo ataque03 oct 2020
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RIESGO
abrir
Metasploit300
SAP Solution Manager remote unauthorized OS commands execution
CVE-2020-6207CRITICALbajo ataque03 oct 2020
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform an
100RIESGO
abrir
Metasploit600
OpenMediaVault rpc.php Authenticated PHP Code Injection
CVE-2020-2612428 sep 2020
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield PO
30RIESGO
abrir
Metasploit600
FlexDotnetCMS Arbitrary ASP File Upload
CVE-2020-2738628 sep 2020
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and e
40RIESGO
abrir
Metasploit600
HorizontCMS Arbitrary PHP File Upload
CVE-2020-2738724 sep 2020
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access
23RIESGO
abrir
Metasploit600
Micro Focus Operations Bridge Reporter shrboadmin default password
CVE-2020-1185721 sep 2020
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The
23RIESGO
abrir
Metasploit600
Sophos UTM WebAdmin SID Command Injection
CVE-2020-25223CRITICALbajo ataque18 sep 2020
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RIESGO
abrir
Metasploit600
Apache Struts 2 Forced Multi OGNL Evaluation
CVE-2019-023014 sep 2020
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RIESGO
abrir
Metasploit600
Apache Struts 2 Forced Multi OGNL Evaluation
CVE-2020-17530CRITICALbajo ataque14 sep 2020
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected
100RIESGO
abrir
Metasploit600
MobileIron MDM Hessian-Based Java Deserialization RCE
CVE-2020-15505CRITICALbajo ataque12 sep 2020
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
100RIESGO
abrir
Metasploit600
Palo Alto Networks Authenticated Remote Code Execution
CVE-2020-2038HIGH09 sep 2020
PAN-OS: OS command injection vulnerability in the management web interface
78RIESGO
abrir
Metasploit300
WordPress File Manager Unauthenticated Remote Code Execution
CVE-2020-25213CRITICALbajo ataque09 sep 2020
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir
Metasploit600
MaraCMS Arbitrary PHP File Upload
CVE-2020-2504231 ago 2020
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authentic
23RIESGO
abrir
Metasploit300
Jira Users Enumeration
CVE-2020-1418116 ago 2020
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
60RIESGO
abrir
Metasploit600
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
CVE-2020-1750509 ago 2020
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter i
40RIESGO
abrir
Metasploit600
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
CVE-2020-1750609 ago 2020
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RIESGO
abrir
Metasploit600
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
CVE-2020-17496CRITICALbajo ataque09 ago 2020
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbe
100RIESGO
abrir
Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
CVE-2020-3153MEDIUMbajo ataqueransomware05 ago 2020
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
83RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.