Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
8069 exploits
VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir ↗VulnCheck XDB
denial-of-service
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗VulnCheck XDB
client-side
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
75RIESGO
abrir ↗VulnCheck XDB
initial-access
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authe
100RIESGO
abrir ↗VulnCheck XDB
denial-of-service
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RIESGO
abrir ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir ↗VulnCheck XDB
local
Libblockdev: lpe from allow_active to root in libblockdev via udisks
41RIESGO
abrir ↗VulnCheck XDB
initial-access
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir ↗VulnCheck XDB
initial-access
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗VulnCheck XDB
initial-access
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RIESGO
abrir ↗VulnCheck XDB
initial-access
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir ↗VulnCheck XDB
local
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload
63RIESGO
abrir ↗VulnCheck XDB
initial-access
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RIESGO
abrir ↗VulnCheck XDB
initial-access
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RIESGO
abrir ↗VulnCheck XDB
client-side
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RIESGO
abrir ↗VulnCheck XDB
initial-access
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RIESGO
abrir ↗VulnCheck XDB
local
Windows Common Log File System Driver Elevation of Privilege Vulnerability
71RIESGO
abrir ↗VulnCheck XDB
initial-access
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗VulnCheck XDB
initial-access
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir ↗VulnCheck XDB
client-side
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.