Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Windows Net-NTLMv2 Reflection DCOM/RPC
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RIESGO
abrir ↗Metasploit300
Fortinet SSH Backdoor Scanner
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
60RIESGO
abrir ↗Metasploit300
Juniper SSH Backdoor Scanner
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r
100RIESGO
abrir ↗Metasploit600
D-Link DCS-930L Authenticated Remote Command Execution
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in th
98RIESGO
abrir ↗Metasploit600
TP-Link SC2020n Authenticated Telnet Injection
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be
60RIESGO
abrir ↗Metasploit600
blueman set_dhcp_handler D-Bus Privilege Escalation
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users
38RIESGO
abrir ↗Metasploit300
Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discove
38RIESGO
abrir ↗Metasploit300
IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attacke
18RIESGO
abrir ↗Metasploit600
Joomla HTTP Header Unauthenticated Remote Code Execution
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RIESGO
abrir ↗Metasploit600
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e
60RIESGO
abrir ↗Metasploit300
MS15-134 Microsoft Windows Media Center MCL Information Disclosure
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers t
50RIESGO
abrir ↗Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allo
60RIESGO
abrir ↗Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511
50RIESGO
abrir ↗Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 misha
98RIESGO
abrir ↗Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges v
50RIESGO
abrir ↗Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold an
60RIESGO
abrir ↗Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
60RIESGO
abrir ↗Metasploit300
Windows WMI Receive Notification Exploit
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to g
91RIESGO
abrir ↗Metasploit300
Easy File Sharing HTTP Server 7.2 SEH Overflow
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code
60RIESGO
abrir ↗Metasploit600
Advantech Switch Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
Cambium ePMP1000 'ping' Shell via Command Injection (up to v2.5)
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RIESGO
abrir ↗Metasploit600
ABRT sosreport Privilege Escalation
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain perm
38RIESGO
abrir ↗Metasploit600
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RIESGO
abrir ↗Metasploit300
OpenNMS Java Object Unserialization Remote Code Execution
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RIESGO
abrir ↗Metasploit600
IBM WebSphere RCE Java Deserialization Vulnerability
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RIESGO
abrir ↗Metasploit600
vBulletin 5.1.2 Unserialize Code Execution
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PH
60RIESGO
abrir ↗Metasploit600
Atlassian HipChat for Jira Plugin Velocity Template Injection
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RIESGO
abrir ↗Metasploit600
Joomla Content History SQLi Remote Code Execution
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RIESGO
abrir ↗Metasploit600
Joomla Content History SQLi Remote Code Execution
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RIESGO
abrir ↗Metasploit600
Joomla Content History SQLi Remote Code Execution
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.