Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.469 exploits
Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir ↗Exploit-DB
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthent
35RIESGO
abrir ↗Exploit-DB
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly
28RIESGO
abrir ↗Exploit-DB
Microsoft Exchange 2003 - base64-MIME Remote Code Execution
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, wh
35RIESGO
abrir ↗Exploit-DB
Symantec DLP 15.5 MP1 - Cross-Site Scripting
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue th
23RIESGO
abrir ↗Exploit-DB
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RIESGO
abrir ↗Exploit-DB
Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RIESGO
abrir ↗Exploit-DB
Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to
38RIESGO
abrir ↗Exploit-DB
Centreon 19.04 - Remote Code Execution
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitra
35RIESGO
abrir ↗Exploit-DB
SAP Crystal Reports - Information Disclosure
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive databas
23RIESGO
abrir ↗Exploit-DB
LibreNMS 1.46 - 'addhost' Remote Code Execution
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RIESGO
abrir ↗Exploit-DB
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RIESGO
abrir ↗Exploit-DB
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RIESGO
abrir ↗Exploit-DB
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RIESGO
abrir ↗Exploit-DB
Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
Windows Common Log File System Driver Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Exploit-DB
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Windows ALPC Elevation of Privilege Vulnerability
23RIESGO
abrir ↗Exploit-DB
dotProject 2.1.9 - SQL Injection
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Ori
28RIESGO
abrir ↗Exploit-DB
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Nam
23RIESGO
abrir ↗Exploit-DB
GrandNode 4.40 - Path Traversal / Arbitrary File Download
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows
50RIESGO
abrir ↗Exploit-DB
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
23RIESGO
abrir ↗Exploit-DB
SeedDMS versions < 5.1.11 - Remote Command Execution
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a differe
28RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.