Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.097exploits catalogados
31.644CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Cayin xPost wayfinder_seqid SQLi to RCE
CVE-2020-7356CRITICAL04 jun 2020
Cayin xPost SQL Injection
48RIESGO
abrir
Metasploit600
Cayin CMS NTP Server RCE
CVE-2020-7357CRITICAL04 jun 2020
Cayin CMS Command Injection
55RIESGO
abrir
Metasploit300
Cisco 7937G SSH Privilege Escalation
CVE-2020-1613702 jun 2020
A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to re
23RIESGO
abrir
Metasploit300
Cisco 7937G Denial-of-Service Reboot Attack
CVE-2020-1613902 jun 2020
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the de
40RIESGO
abrir
Metasploit300
Cisco 7937G Denial-of-Service Attack
CVE-2020-1613802 jun 2020
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remot
23RIESGO
abrir
Metasploit300
Directory Traversal in Spring Cloud Config Server
CVE-2020-5410HIGHbajo ataque01 jun 2020
Directory Traversal with spring-cloud-config-server
100RIESGO
abrir
Metasploit300
Cisco DCNM auth bypass
CVE-2019-15975CRITICAL01 jun 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RIESGO
abrir
Metasploit300
Documalis Free PDF Editor and Scanner JPEG Stack Buffer Overflow
CVE-2020-7374MEDIUM22 may 2020
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
28RIESGO
abrir
Metasploit600
Geutebruck testaction.cgi Remote Command Execution
CVE-2020-1620520 may 2020
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code
30RIESGO
abrir
Metasploit300
BIND TSIG Badtime Query Denial of Service
CVE-2020-8617HIGH19 may 2020
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
78RIESGO
abrir
Metasploit600
LinuxKI Toolset 6.01 Remote Command Execution
CVE-2020-720917 may 2020
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
60RIESGO
abrir
Metasploit600
Plesk/myLittleAdmin ViewState .NET Deserialization
CVE-2020-1316615 may 2020
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcod
60RIESGO
abrir
Metasploit300
WordPress ChopSlider3 id SQLi Scanner
CVE-2020-1153012 may 2020
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RIESGO
abrir
Metasploit600
Wordpress Drag and Drop Multi File Uploader RCE
CVE-2020-1280011 may 2020
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Uploa
60RIESGO
abrir
Metasploit600
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
CVE-2020-1110810 may 2020
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Metasploit500
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
CVE-2025-34086HIGH07 may 2020
Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
36RIESGO
abrir
Metasploit300
Plex Unpickle Dict Windows RCE
CVE-2020-5741HIGHbajo ataque07 may 2020
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arb
100RIESGO
abrir
Metasploit300
SaltStack Salt Master Server Root Key Disclosure
CVE-2020-11651CRITICALbajo ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Metasploit300
WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp
CVE-2020-2883CRITICALbajo ataque30 abr 2020
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions th
100RIESGO
abrir
Metasploit500
SaltStack Salt Master/Minion Unauthenticated RCE
CVE-2020-11652MEDIUMbajo ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Metasploit500
SaltStack Salt Master/Minion Unauthenticated RCE
CVE-2020-11651CRITICALbajo ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Metasploit300
SaltStack Salt Master Server Root Key Disclosure
CVE-2020-11652MEDIUMbajo ataque30 abr 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Metasploit600
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CVE-2020-1210929 abr 2020
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220
40RIESGO
abrir
Metasploit300
Wordpress LearnPress current_items Authenticated SQLi
CVE-2020-601029 abr 2020
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
50RIESGO
abrir
Metasploit600
Netsweeper WebAdmin unixlogin.php Python Code Injection
CVE-2020-1316728 abr 2020
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain
40RIESGO
abrir
Metasploit600
TrixBox CE endpoint_devicemap.php Authenticated Command Execution
CVE-2020-7351HIGH28 abr 2020
Fonality Trixbox CE Post-Authentication Command Injection
48RIESGO
abrir
Metasploit600
GOG GalaxyClientService Privilege Escalation
CVE-2020-7352HIGH28 abr 2020
GOG Galaxy GalaxyClientService Privilege Escalation
36RIESGO
abrir
Metasploit400
WordPress Simple File List Unauthenticated Remote Code Execution
CVE-2020-36847CRITICAL27 abr 2020
Simple File List < 4.2.3 - Remote Code Execution
68RIESGO
abrir
Metasploit300
IBM Data Risk Manager Arbitrary File Download
CVE-2020-4427CRITICALbajo ataque21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RIESGO
abrir
Metasploit300
IBM Data Risk Manager Arbitrary File Download
CVE-2020-4429CRITICAL21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.