Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RIESGO
abrir ↗Metasploit0
Snap Creek Duplicator WordPress plugin code injection
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RIESGO
abrir ↗Metasploit300
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
91RIESGO
abrir ↗Metasploit600
Wordpress Plainview Activity Monitor RCE
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RIESGO
abrir ↗Metasploit600
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RIESGO
abrir ↗Metasploit600
Ghostscript Failed Restore Command Execution
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handlin
60RIESGO
abrir ↗Metasploit300
Pimcore Gather Credentials via SQL Injection
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
43RIESGO
abrir ↗Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RIESGO
abrir ↗Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RIESGO
abrir ↗Metasploit300
Windows unmarshal post exploitation
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized
100RIESGO
abrir ↗Metasploit600
NUUO NVRmini upgrade_handle.php Remote Command Execution
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RIESGO
abrir ↗Metasploit300
cgit Directory Traversal
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned
60RIESGO
abrir ↗Metasploit300
Mikrotik Winbox Arbitrary File Read
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RIESGO
abrir ↗Metasploit600
Network Manager VPNC Username Privilege Escalation
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attac
56RIESGO
abrir ↗Metasploit300
Eaton Xpert Meter SSH Private Key Exposure Scanner
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different cus
30RIESGO
abrir ↗Metasploit600
QNAP Q'Center change_passwd Command Execution
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RIESGO
abrir ↗Metasploit300
Dicoogle PACS Web Server Directory Traversal
Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
36RIESGO
abrir ↗Metasploit600
QNAP Q'Center change_passwd Command Execution
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RIESGO
abrir ↗Metasploit600
CMS Made Simple Authenticated RCE via File Upload/Copy
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows a
50RIESGO
abrir ↗Metasploit300
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPS
50RIESGO
abrir ↗Metasploit300
Wordpress Arbitrary File Deletion
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/
30RIESGO
abrir ↗Metasploit600
PRTG Network Monitor Authenticated RCE
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RIESGO
abrir ↗Metasploit400
phpMyAdmin Authenticated Remote Code Execution
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RIESGO
abrir ↗Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
Remote Code Execution in Micro Focus Secure Messaging Gateway
85RIESGO
abrir ↗Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway
85RIESGO
abrir ↗Metasploit600
Axis Network Camera .srv-to-parhand RCE
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
60RIESGO
abrir ↗Metasploit600
Axis Network Camera .srv-to-parhand RCE
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
60RIESGO
abrir ↗Metasploit600
Axis Network Camera .srv-to-parhand RCE
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
60RIESGO
abrir ↗Metasploit300
Splunk __raw Server Info Disclosure
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json
60RIESGO
abrir ↗Metasploit300
Cisco ASA Directory Traversal
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.