Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Apache Httpd mod_rewrite - Open Redirects
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential m
60RIESGO
abrir ↗Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Servi
28RIESGO
abrir ↗Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memo
23RIESGO
abrir ↗Exploit-DB
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform action
41RIESGO
abrir ↗Exploit-DB
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
23RIESGO
abrir ↗Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Window
23RIESGO
abrir ↗Exploit-DB
TP-Link TL-WR1043ND 2 - Authentication Bypass
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packe
28RIESGO
abrir ↗Exploit-DB
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Servi
28RIESGO
abrir ↗Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Servi
28RIESGO
abrir ↗Exploit-DB
XNU - Remote Double-Free via Data Race in IPComp Input Path
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS
23RIESGO
abrir ↗Exploit-DB
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution
vBulletin through 5.5.4 mishandles custom avatars.
28RIESGO
abrir ↗Exploit-DB
Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" i
23RIESGO
abrir ↗Exploit-DB
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root pr
53RIESGO
abrir ↗Exploit-DB
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien
23RIESGO
abrir ↗Exploit-DB
Android - Binder Driver Use-After-Free
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RIESGO
abrir ↗Exploit-DB
AnchorCMS < 0.12.3a - Information Disclosure
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contain
60RIESGO
abrir ↗Exploit-DB
mintinstall 7.9.9 - Code Execution
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by a
23RIESGO
abrir ↗Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Exploit-DB
DotNetNuke < 9.4.0 - Cross-Site Scripting
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the mali
23RIESGO
abrir ↗Exploit-DB
phpIPAM 1.4 - SQL Injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is us
28RIESGO
abrir ↗Exploit-DB
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an
23RIESGO
abrir ↗Exploit-DB
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities
53RIESGO
abrir ↗Exploit-DB
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability
53RIESGO
abrir ↗Exploit-DB
GoAhead 2.5.0 - Host Header Injection
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) cre
23RIESGO
abrir ↗Exploit-DB
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
46RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.