Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML
50RIESGO
abrir ↗Exploit-DB
Adive Framework 2.0.7 - Privilege Escalation
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an ad
23RIESGO
abrir ↗Exploit-DB
Android Janus - APK Signature Bypass (Metasploit)
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,
43RIESGO
abrir ↗Exploit-DB
rConfig - install Command Execution (Metasploit)
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RIESGO
abrir ↗Exploit-DB
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPad
23RIESGO
abrir ↗Exploit-DB
Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RIESGO
abrir ↗Exploit-DB
Nostromo - Directory Traversal Remote Command Execution (Metasploit)
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RIESGO
abrir ↗Exploit-DB
Apache Solr 8.2.0 - Remote Code Execution
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RIESGO
abrir ↗Exploit-DB
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queri
28RIESGO
abrir ↗Exploit-DB
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Proc
23RIESGO
abrir ↗Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, W
23RIESGO
abrir ↗Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Wind
28RIESGO
abrir ↗Exploit-DB
rConfig 3.9.2 - Remote Code Execution
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RIESGO
abrir ↗Exploit-DB
PHP-FPM + Nginx - Remote Code Execution
Underflow in PHP-FPM can lead to RCE
100RIESGO
abrir ↗Exploit-DB
ClonOs WEB UI 19.09 - Improper Access Control
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be
23RIESGO
abrir ↗Exploit-DB
Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RIESGO
abrir ↗Exploit-DB
Rocket.Chat 2.1.0 - Cross-Site Scripting
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
23RIESGO
abrir ↗Exploit-DB
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RIESGO
abrir ↗Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from
23RIESGO
abrir ↗Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthor
23RIESGO
abrir ↗Exploit-DB
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to
28RIESGO
abrir ↗Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RIESGO
abrir ↗Exploit-DB
Solaris 11.4 - xscreensaver Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RIESGO
abrir ↗Exploit-DB
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RIESGO
abrir ↗Exploit-DB
Whatsapp 2.19.216 - Remote Code Execution
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version
35RIESGO
abrir ↗Exploit-DB
sudo 1.8.27 - Security Bypass
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and se
35RIESGO
abrir ↗Exploit-DB
Kirona-DRS 5.5.3.5 - Information Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RIESGO
abrir ↗Exploit-DB
Apache Httpd mod_rewrite - Open Redirects
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential m
60RIESGO
abrir ↗Exploit-DB
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page
60RIESGO
abrir ↗Exploit-DB
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is m
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.