Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
NetAlertX File Read Vulnerability
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and
48RIESGO
abrir ↗Metasploit600
Cacti Graph Template authenticated RCE versions prior to 1.2.29
Cacti allows Arbitrary File Creation leading to RCE
48RIESGO
abrir ↗Metasploit600
GestioIP 3.5.7 Remote Command Execution
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RIESGO
abrir ↗Metasploit300
Car Rental System 1.0 File Upload RCE (Authenticated)
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types a
28RIESGO
abrir ↗Metasploit300
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl
100RIESGO
abrir ↗Metasploit600
Remote Code Execution Vulnerability in Vvveb
givanz Vvveb Code Editor code.php save code injection
28RIESGO
abrir ↗Metasploit600
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through
60RIESGO
abrir ↗Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
Clinics Patient Management System SQL Injection
43RIESGO
abrir ↗Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
SourceCodester Clinics Patient Management System unrestricted upload
28RIESGO
abrir ↗Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
23RIESGO
abrir ↗Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
41RIESGO
abrir ↗Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
36RIESGO
abrir ↗Metasploit600
Windows Cloud File Mini Filer Driver Heap Overflow
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Metasploit600
Craft CMS Twig Template Injection RCE via FTP Templates Path
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RIESGO
abrir ↗Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RIESGO
abrir ↗Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
95RIESGO
abrir ↗Metasploit600
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_
36RIESGO
abrir ↗Metasploit600
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote com
55RIESGO
abrir ↗Metasploit600
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can impo
95RIESGO
abrir ↗Metasploit300
LINQPad Deserialization
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(
36RIESGO
abrir ↗Metasploit600
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Command Injection leading to RCE via LDAP Misconfiguration
50RIESGO
abrir ↗Metasploit600
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
mySCADA myPRO OS Command Injection
55RIESGO
abrir ↗Metasploit500
Ubuntu needrestart Privilege Escalation
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tric
41RIESGO
abrir ↗Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
100RIESGO
abrir ↗Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
100RIESGO
abrir ↗Metasploit600
LibreNMS Authenticated RCE (CVE-2024-51092)
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutContr
43RIESGO
abrir ↗Metasploit600
WordPress WP Time Capsule Arbitrary File Upload to RCE
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RIESGO
abrir ↗Metasploit600
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RIESGO
abrir ↗Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RIESGO
abrir ↗Metasploit600
Prison Management System 1.0 Authenticated RCE via Unrestricted File Upload
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the f
36RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.