Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Linksys WRT120N tmUnblock Stack Buffer Overflow
Linksys WRT120N tmUnblock.cgi Stack-Based Buffer Overflow Admin Password Reset
28RIESGO
abrir ↗Metasploit600
Linksys E-Series TheMoon Remote Command Injection
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
85RIESGO
abrir ↗Metasploit300
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code v
100RIESGO
abrir ↗Metasploit600
Fritz!Box Webcm Unauthenticated Command Injection
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter t
60RIESGO
abrir ↗Metasploit500
MS14-009 .NET Deployment Service IE Sandbox Escape
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it
50RIESGO
abrir ↗Metasploit300
Apache Commons FileUpload and Apache Tomcat DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products,
60RIESGO
abrir ↗Metasploit300
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI f
50RIESGO
abrir ↗Metasploit300
Adobe Flash Player Integer Underflow Remote Code Execution
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Ma
100RIESGO
abrir ↗Metasploit600
Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution
Array Networks vAPV and vxAG Default Credential Privilege Escalation
43RIESGO
abrir ↗Metasploit400
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo
50RIESGO
abrir ↗Metasploit600
Pandora FMS Default Credential / SQLi Remote Code Execution
Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
63RIESGO
abrir ↗Metasploit600
Zpanel Remote Unauthenticated RCE
ZPanel through 10.1.0 has Remote Command Execution
43RIESGO
abrir ↗Metasploit600
Pandora FMS Remote Code Execution
Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection
63RIESGO
abrir ↗Metasploit600
MediaWiki Thumb.php Remote Command Execution
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is
50RIESGO
abrir ↗Metasploit0
Kloxo SQL Injection and Remote Code Execution
Kloxo < 6.1.12 Unauthenticated SQL Injection RCE
43RIESGO
abrir ↗Metasploit300
A10 Networks AX Loadbalancer Directory Traversal
A10 Networks AX Loadbalancer Path Traversal
36RIESGO
abrir ↗Metasploit600
SkyBlueCanvas CMS Remote Code Execution
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248
50RIESGO
abrir ↗Metasploit300
ManageEngine Support Center Plus Directory Traversal
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arb
50RIESGO
abrir ↗Metasploit600
Simple E-Document Arbitrary File Upload
Simple E-Document Arbitrary File Upload RCE
63RIESGO
abrir ↗Metasploit600
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
GE Proficy HMI/SCADA Path Traversal
78RIESGO
abrir ↗Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
50RIESGO
abrir ↗Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RIESGO
abrir ↗Metasploit300
Mac OS X Safari file:// Redirection Sandbox Escape
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allo
23RIESGO
abrir ↗Metasploit500
Oracle Forms and Reports Remote Code Execution
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RIESGO
abrir ↗Metasploit500
Oracle Forms and Reports Remote Code Execution
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RIESGO
abrir ↗Metasploit400
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before
50RIESGO
abrir ↗Metasploit500
HP AutoPass License Server File Upload
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RIESGO
abrir ↗Metasploit600
GetSimpleCMS PHP File Upload Vulnerability
GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload
36RIESGO
abrir ↗Metasploit600
HP Data Protector Backup Client Service Remote Code Execution
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RIESGO
abrir ↗Metasploit500
HP Data Protector Backup Client Service Directory Traversal
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.