Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
78RIESGO
abrir ↗Exploit-DB
Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RIESGO
abrir ↗Exploit-DB
Aruba Instant (IAP) - Remote Code Execution
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in ve
35RIESGO
abrir ↗Exploit-DB
Webmin 1.973 - 'save_user.cgi' Cross-Site Request Forgery (CSRF)
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users fea
23RIESGO
abrir ↗Exploit-DB
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided
50RIESGO
abrir ↗Exploit-DB
Apache Tomcat 9.0.0.M1 - Open Redirect
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a r
60RIESGO
abrir ↗Exploit-DB
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote
28RIESGO
abrir ↗Exploit-DB
WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RIESGO
abrir ↗Exploit-DB
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir ↗Exploit-DB
Pallets Werkzeug 0.15.4 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
50RIESGO
abrir ↗Exploit-DB
Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RIESGO
abrir ↗Exploit-DB
Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
50RIESGO
abrir ↗Exploit-DB
AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote aut
23RIESGO
abrir ↗Exploit-DB
Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RIESGO
abrir ↗Exploit-DB
Wordpress Plugin XCloner 4.2.12 - Remote Code Execution (Authenticated)
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated atta
53RIESGO
abrir ↗Exploit-DB
ES File Explorer 4.1.9.7.4 - Arbitrary File Read
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RIESGO
abrir ↗Exploit-DB
Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before
23RIESGO
abrir ↗Exploit-DB
Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a differe
28RIESGO
abrir ↗Exploit-DB
Adobe ColdFusion 8 - Remote Command Execution (RCE)
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable fil
60RIESGO
abrir ↗Exploit-DB
TP-Link TL-WR841N - Command Injection
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216
35RIESGO
abrir ↗Exploit-DB
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RIESGO
abrir ↗Exploit-DB
WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)
23RIESGO
abrir ↗Exploit-DB
Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search paramet
60RIESGO
abrir ↗Exploit-DB
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RIESGO
abrir ↗Exploit-DB
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can
50RIESGO
abrir ↗Exploit-DB
Node.JS - 'node-serialize' Remote Code Execution (3)
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RIESGO
abrir ↗Exploit-DB
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-messag
28RIESGO
abrir ↗Exploit-DB
OpenEMR 5.0.1.3 - Authentication Bypass
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote
28RIESGO
abrir ↗Exploit-DB
Polkit 0.105-26 0.117-2 - Local Privilege Escalation
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.