Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Cisco IKE Information Disclosure
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x
100RIESGO
abrir ↗Metasploit300
BIND TSIG Query Denial of Service
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly
60RIESGO
abrir ↗Metasploit600
MagniComp SysInfo mcsiwrapper Privilege Escalation
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow
38RIESGO
abrir ↗Metasploit600
BuilderEngine Arbitrary File Upload Vulnerability and execution
BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
63RIESGO
abrir ↗Metasploit500
Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.
23RIESGO
abrir ↗Metasploit0
WebKit not_number defineProperties UAF
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory
98RIESGO
abrir ↗Metasploit400
Safari Webkit JIT Exploit for iOS 7.1.2
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud b
30RIESGO
abrir ↗Metasploit0
WebKit not_number defineProperties UAF
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denia
91RIESGO
abrir ↗Metasploit0
WebKit not_number defineProperties UAF
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
90RIESGO
abrir ↗Metasploit400
Safari Webkit JIT Exploit for iOS 7.1.2
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS b
38RIESGO
abrir ↗Metasploit400
AF_PACKET chocobo_root Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau
43RIESGO
abrir ↗Metasploit300
ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure
ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
63RIESGO
abrir ↗Metasploit300
Zabbix toggle_ids SQL Injection
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQ
40RIESGO
abrir ↗Metasploit300
Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the f
30RIESGO
abrir ↗Metasploit600
Trend Micro Smart Protection Server Exec Remote Code Injection
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330
30RIESGO
abrir ↗Metasploit300
DLL Side Loading Vulnerability in VMware Host Guest Client Redirector
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 t
43RIESGO
abrir ↗Metasploit300
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillanc
50RIESGO
abrir ↗Metasploit600
NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 th
60RIESGO
abrir ↗Metasploit600
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR Rea
60RIESGO
abrir ↗Metasploit600
SonicWall Global Management System XMLRPC set_time_zone Unauth RCE
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before
23RIESGO
abrir ↗Metasploit0
Oracle Weblogic Server Deserialization RCE - MarshalledObject
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12
40RIESGO
abrir ↗Metasploit600
Tiki Wiki Unauthenticated File Upload Vulnerability
Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
63RIESGO
abrir ↗Metasploit500
NetBSD mail.local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or
38RIESGO
abrir ↗Metasploit300
WebNMS Framework Server Arbitrary Text File Download
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RIESGO
abrir ↗Metasploit300
WebNMS Framework Server Credential Disclosure
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependen
50RIESGO
abrir ↗Metasploit600
WebNMS Framework Server Arbitrary File Upload
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remot
60RIESGO
abrir ↗Metasploit300
WebNMS Framework Server Credential Disclosure
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RIESGO
abrir ↗Metasploit600
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
63RIESGO
abrir ↗Metasploit600
Panda Security PSEvents Privilege Escalation
Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
36RIESGO
abrir ↗Metasploit600
SugarCRM REST Unserialize PHP Code Execution
SugarCRM PHP Deserialization RCE
63RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.