Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Polycom Shell HDX Series Traceroute Command Execution
Polycom HDX Series Telnet Command Injection via lan traceroute
36RIESGO
abrir ↗Metasploit300
Roundcube TimeZone Authenticated File Disclosure
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary file
98RIESGO
abrir ↗Metasploit600
Synology DiskStation Manager smart.cgi Remote Command Execution
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authe
60RIESGO
abrir ↗Metasploit300
Samsung Internet Browser SOP Bypass
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
60RIESGO
abrir ↗Metasploit600
pfSense authenticated group member RCE
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_
30RIESGO
abrir ↗Metasploit300
Brother Debut http Denial Of Service
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST requ
50RIESGO
abrir ↗Metasploit400
Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The applicati
43RIESGO
abrir ↗Metasploit600
Xplico Remote Code Execution
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name
60RIESGO
abrir ↗Metasploit600
Tuleap 9.6 Second-Order PHP Object Injection
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentEl
50RIESGO
abrir ↗Metasploit300
Ayukov NFTP FTP Client Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RIESGO
abrir ↗Metasploit600
Oracle WebLogic wls-wsat Component Deserialization RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RIESGO
abrir ↗Metasploit300
Easy Chat Server User Registeration Buffer Overflow (SEH)
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1
23RIESGO
abrir ↗Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
30RIESGO
abrir ↗Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
30RIESGO
abrir ↗Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
18RIESGO
abrir ↗Metasploit600
Trend Micro OfficeScan Remote Code Execution
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitr
50RIESGO
abrir ↗Metasploit600
Tomcat RCE via JSP Upload Bypass
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTT
100RIESGO
abrir ↗Metasploit600
HP Intelligent Management Java Deserialization RCE
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and e
60RIESGO
abrir ↗Metasploit600
phpCollab 2.5.1 Unauthenticated File Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RIESGO
abrir ↗Metasploit300
Unauthenticated information disclosure such as configuration, credentials and camera snapshots of a vulnerable Hikvision IP Camera
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir ↗Metasploit300
Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir ↗Metasploit300
CyberLink LabelPrint 2.5 Stack Buffer Overflow
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) au
43RIESGO
abrir ↗Metasploit600
DenyAll Web Application Firewall Remote Code Execution
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf
23RIESGO
abrir ↗Metasploit300
Apache Optionsbleed Scanner
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user
60RIESGO
abrir ↗Metasploit600
xdebug Unauthenticated OS Command Execution
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RIESGO
abrir ↗Metasploit600
Kaltura Remote PHP Code Execution over Cookie
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, wh
60RIESGO
abrir ↗Metasploit600
Apache Struts 2 REST Plugin XStream RCE
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RIESGO
abrir ↗Metasploit600
Mako Server v2.5, 2.6 OS Command Injection RCE
Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp
63RIESGO
abrir ↗Metasploit600
Zivif Camera iptest.cgi Blind Remote Command Execution
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauth
40RIESGO
abrir ↗Metasploit300
IBM Notes encodeURI DOS
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it coul
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.