Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RIESGO
abrir ↗Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL
40RIESGO
abrir ↗Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RIESGO
abrir ↗Metasploit600
PlaySMS index.php Unauthenticated Template Injection Code Execution
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RIESGO
abrir ↗Metasploit600
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RIESGO
abrir ↗Metasploit600
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vu
30RIESGO
abrir ↗Metasploit500
Arista restricted shell escape (with privesc)
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly oth
23RIESGO
abrir ↗Metasploit600
OpenSMTPD MAIL FROM Remote Code Execution
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RIESGO
abrir ↗Metasploit600
Centreon Poller Authenticated Remote Command Execution
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers mi
23RIESGO
abrir ↗Metasploit300
Ricoh Driver Privilege Escalation
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RIESGO
abrir ↗Metasploit300
WebLogic Server Deserialization RCE - BadAttributeValueExpException
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RIESGO
abrir ↗Metasploit0
WordPress InfiniteWP Client Authentication Bypass
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in in
40RIESGO
abrir ↗Metasploit300
"Cablehaunt" Cable Modem WebSocket DoS
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker
23RIESGO
abrir ↗Metasploit600
D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RIESGO
abrir ↗Metasploit600
D-Link DIR-859 Unauthenticated Remote Command Execution
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated rem
100RIESGO
abrir ↗Metasploit600
IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RIESGO
abrir ↗Metasploit600
Citrix ADC (NetScaler) Directory Traversal RCE
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir ↗Metasploit300
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir ↗Metasploit300
TVT NVMS-1000 Directory Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RIESGO
abrir ↗Metasploit600
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RIESGO
abrir ↗Metasploit300
Microsoft Windows Uninitialized Variable Local Privilege Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RIESGO
abrir ↗Metasploit600
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RIESGO
abrir ↗Metasploit600
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RIESGO
abrir ↗Metasploit300
Anviz CrossChex Buffer Overflow
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RIESGO
abrir ↗Metasploit300
QNAP QTS and Photo Station Local File Inclusion
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RIESGO
abrir ↗Metasploit600
Liferay Portal Java Unmarshalling via JSONWS RCE
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RIESGO
abrir ↗Metasploit300
QNAP QTS and Photo Station Local File Inclusion
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix the
100RIESGO
abrir ↗Metasploit300
QNAP QTS and Photo Station Local File Inclusion
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RIESGO
abrir ↗Metasploit300
WordPress Email Subscribers and Newsletter Hash SQLi Scanner
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.