Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.046exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2023-0315
Command Injection in froxlor/froxlor
78RIESGO
abrir
Referência
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
60RIESGO
abrir
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RIESGO
abrir
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RIESGO
abrir
Referência
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/s
60RIESGO
abrir
Referência
CVE-2025-61884
CVE-2025-61884HIGHbajo ataqueransomware
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions
100RIESGO
abrir
Referência
CVE-2019-12255
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TC
45RIESGO
abrir
Referência
CVE-2019-19781
CVE-2019-19781CRITICALbajo ataqueransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir
Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RIESGO
abrir
Referência
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RIESGO
abrir
Referência
CVE-2016-3714
CVE-2016-3714HIGHbajo ataque
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RIESGO
abrir
Referência
CVE-2016-3714
CVE-2016-3714HIGHbajo ataque
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RIESGO
abrir
Referência
CVE-2016-3714
CVE-2016-3714HIGHbajo ataque
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RIESGO
abrir
Referência47
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled
CVE-2024-56145CRITICALbajo ataque
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RIESGO
abrir
Referência
CVE-2016-7288
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m
45RIESGO
abrir
Referência
CVE-2024-10914
D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
85RIESGO
abrir
Referência
CVE-2016-8869
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RIESGO
abrir
Referência
CVE-2019-9082
CVE-2019-9082HIGHbajo ataque
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RIESGO
abrir
Referência
CVE-2019-9082
CVE-2019-9082HIGHbajo ataque
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RIESGO
abrir
Referência
CVE-2023-27524
CVE-2023-27524HIGHbajo ataque
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir
Referência
CVE-2023-27524
CVE-2023-27524HIGHbajo ataque
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir
Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RIESGO
abrir
Referência
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RIESGO
abrir
Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RIESGO
abrir
Referência
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RIESGO
abrir
Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RIESGO
abrir
Referência
CVE-2017-3248
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RIESGO
abrir
Referência
CVE-2020-14864
CVE-2020-14864HIGHbajo ataque
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Ins
100RIESGO
abrir
Referência
CVE-2025-34028
CVE-2025-34028CRITICALbajo ataque
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RIESGO
abrir
Referência21
watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
CVE-2025-34028CRITICALbajo ataque
Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.