Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command inject
100RIESGO
abrir ↗Metasploit600
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passw
23RIESGO
abrir ↗Metasploit0
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RIESGO
abrir ↗Metasploit600
TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerabili
23RIESGO
abrir ↗Metasploit0
PHPMailer Sendmail Argument Injection
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir ↗Metasploit600
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in t
23RIESGO
abrir ↗Metasploit600
VMware VDP Known SSH Key
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which mak
30RIESGO
abrir ↗Metasploit600
NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Buffer Overflow
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cg
100RIESGO
abrir ↗Metasploit300
NETGEAR WNR2000v5 Administrator Password Recovery
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Thi
50RIESGO
abrir ↗Metasploit300
NETGEAR WNR2000v5 Administrator Password Recovery
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the w
60RIESGO
abrir ↗Metasploit600
Western Digital MyCloud unauthenticated command injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytic
40RIESGO
abrir ↗Metasploit600
Western Digital MyCloud unauthenticated command injection
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulne
40RIESGO
abrir ↗Metasploit600
Netgear R7000 and R6400 cgi-bin Command Injection
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.B
100RIESGO
abrir ↗Metasploit600
DiskBoss Enterprise GET Buffer Overflow
DiskBoss Enterprise Stack-Based Buffer Overflow RCE
43RIESGO
abrir ↗Metasploit600
DiskSavvy Enterprise GET Buffer Overflow
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary c
50RIESGO
abrir ↗Metasploit300
Firefox nsSMILTimeContainer::NotifyTimeChange() RCE
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been dis
100RIESGO
abrir ↗Metasploit600
Jenkins CLI HTTP Java Deserialization Vulnerability
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
60RIESGO
abrir ↗Metasploit300
Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary c
40RIESGO
abrir ↗Metasploit600
Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action
60RIESGO
abrir ↗Metasploit400
WinaXe 7.7 FTP Client Remote Buffer Overflow
WinaXe 7.7 FTP Client Remote Buffer Overflow
36RIESGO
abrir ↗Metasploit600
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
60RIESGO
abrir ↗Metasploit300
Joomla Account Creation and Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RIESGO
abrir ↗Metasploit300
Joomla Account Creation and Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RIESGO
abrir ↗Metasploit600
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.
100RIESGO
abrir ↗Metasploit600
PowerShellEmpire Arbitrary File Upload (Skywalker)
BC Security Empire Path Traversal RCE
68RIESGO
abrir ↗Metasploit300
Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via
50RIESGO
abrir ↗Metasploit600
Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users
60RIESGO
abrir ↗Metasploit0
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distribu
38RIESGO
abrir ↗Metasploit600
Disk Pulse Enterprise Login Buffer Overflow
Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow
36RIESGO
abrir ↗Metasploit0
Apache Tomcat on Ubuntu Log Init Privilege Escalation
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debia
38RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.