Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
19.810 exploits
Referência
CVE-2021-25296
CVE-2021-25296HIGHbajo ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RIESGO
abrir
Referência
CVE-2021-39327
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RIESGO
abrir
Referência
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RIESGO
abrir
Referência
CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and
60RIESGO
abrir
Referência
CVE-2017-6334
CVE-2017-6334HIGHbajo ataque
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RIESGO
abrir
Referência
CVE-2017-6334
CVE-2017-6334HIGHbajo ataque
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RIESGO
abrir
Referência
CVE-2017-6334
CVE-2017-6334HIGHbajo ataque
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RIESGO
abrir
Referência
CVE-2017-8729
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current u
45RIESGO
abrir
Referência
CVE-2019-16724
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RIESGO
abrir
Referência
CVE-2019-16724
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RIESGO
abrir
Referência
File Sharing Wizard 1.5.0 - POST SEH Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RIESGO
abrir
Referência
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute
53RIESGO
abrir
Referência
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute
53RIESGO
abrir
Referência
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute
53RIESGO
abrir
Referência
CVE-2015-2455
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
35RIESGO
abrir
Referência
CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter
50RIESGO
abrir
Referência
CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter
50RIESGO
abrir
Referência
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo help
23RIESGO
abrir
Referência
CVE-2014-4880
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta
60RIESGO
abrir
Referência
CVE-2014-0307
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause
60RIESGO
abrir
Referência
CVE-2025-34299
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RIESGO
abrir
Referência
Ncaster 1.7.2 - 'archive.php' Remote File Inclusion
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to
45RIESGO
abrir
Referência
CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RIESGO
abrir
Referência
CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RIESGO
abrir
Referência
CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RIESGO
abrir
Referência
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service v
45RIESGO
abrir
Referência
CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RIESGO
abrir
Referência
CVE-2017-8540
CVE-2017-8540HIGHbajo ataque
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve
93RIESGO
abrir
Referência
CVE-2013-3623
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Managemen
60RIESGO
abrir
Referência
CVE-2010-2263
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.