Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
19.810 exploits
Referência
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a deni
60RIESGO
abrir ↗Referência
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote att
60RIESGO
abrir ↗Referência
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote att
60RIESGO
abrir ↗Referência
CVE-2016-7202
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute a
45RIESGO
abrir ↗Referência
CVE-2016-7202
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute a
45RIESGO
abrir ↗Referência
CVE-2011-5007
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB
60RIESGO
abrir ↗Referência
CVE-2017-1000028
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RIESGO
abrir ↗Referência
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the
45RIESGO
abrir ↗Referência
Philex 0.2.3 - Remote File Inclusion / File Disclosure
PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute
45RIESGO
abrir ↗Referência
CVE-2014-3804
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a
60RIESGO
abrir ↗Referência
CVE-2019-13720
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap
93RIESGO
abrir ↗Referência
CVE-2025-2776
SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
100RIESGO
abrir ↗Referência
CVE-2016-1744
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary co
23RIESGO
abrir ↗Referência
CVE-2020-5741
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arb
100RIESGO
abrir ↗Referência
CVE-2006-0992
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute ar
60RIESGO
abrir ↗Referência
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions pri
60RIESGO
abrir ↗Referência
CVE-2017-6326
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an i
60RIESGO
abrir ↗Referência
CVE-2014-6038
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerabili
60RIESGO
abrir ↗Referência
Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RIESGO
abrir ↗Referência
CVE-2018-7251
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contain
60RIESGO
abrir ↗Referência
CVE-2019-1429
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RIESGO
abrir ↗Referência
CVE-2014-3914
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows
60RIESGO
abrir ↗Referência
CVE-2017-6316
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r
100RIESGO
abrir ↗Referência
CVE-2017-6316
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r
100RIESGO
abrir ↗Referência
CVE-2018-7841
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code
100RIESGO
abrir ↗Referência
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authe
60RIESGO
abrir ↗Referência
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.