Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RIESGO
abrir ↗Exploit-DB
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive)
23RIESGO
abrir ↗Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RIESGO
abrir ↗Exploit-DB
WebKit - UXSS via XSLT and Nested Document Replacements
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This i
23RIESGO
abrir ↗Exploit-DB
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template
23RIESGO
abrir ↗Exploit-DB
Adive Framework 2.0.7 - Cross-Site Request Forgery
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
23RIESGO
abrir ↗Exploit-DB
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
43RIESGO
abrir ↗Exploit-DB
Aptana Jaxer 1.0.3.4547 - Local File inclusion
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This v
43RIESGO
abrir ↗Exploit-DB
WordPress Plugin JoomSport 3.3 - SQL Injection
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via
28RIESGO
abrir ↗Exploit-DB
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir ↗Exploit-DB
macOS iMessage - Heap Overflow when Deserializing
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A rem
28RIESGO
abrir ↗Exploit-DB
SilverSHielD 6.x - Local Privilege Escalation
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The
23RIESGO
abrir ↗Exploit-DB
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported versi
23RIESGO
abrir ↗Exploit-DB
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
28RIESGO
abrir ↗Exploit-DB
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
23RIESGO
abrir ↗Exploit-DB
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.
28RIESGO
abrir ↗Exploit-DB
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchO
28RIESGO
abrir ↗Exploit-DB
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10
28RIESGO
abrir ↗Exploit-DB
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
28RIESGO
abrir ↗Exploit-DB
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RIESGO
abrir ↗Exploit-DB
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RIESGO
abrir ↗Exploit-DB
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
23RIESGO
abrir ↗Exploit-DB
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
71RIESGO
abrir ↗Exploit-DB
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RIESGO
abrir ↗Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RIESGO
abrir ↗Exploit-DB
Moodle Filepicker 3.5.2 - Server Side Request Forgery
Moodle 3.x has Server Side Request Forgery in the filepicker.
28RIESGO
abrir ↗Exploit-DB
pdfresurrect 0.15 - Buffer Overflow
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is misha
23RIESGO
abrir ↗Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL
28RIESGO
abrir ↗Exploit-DB
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
23RIESGO
abrir ↗Exploit-DB
Ovidentia 8.4.3 - Cross-Site Scripting
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=crea
23RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.