Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
CVE-2024-39205CRITICAL28 oct 2024
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a
68RIESGO
abrir
Metasploit600
CyberPanel Multi CVE Pre-auth RCE
CVE-2024-51568CRITICAL27 oct 2024
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecut
75RIESGO
abrir
Metasploit600
CyberPanel Multi CVE Pre-auth RCE
CVE-2024-51378CRITICALbajo ataqueransomware27 oct 2024
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
100RIESGO
abrir
Metasploit600
CyberPanel Multi CVE Pre-auth RCE
CVE-2024-51567CRITICALbajo ataqueransomware27 oct 2024
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypas
100RIESGO
abrir
Metasploit600
Fortinet FortiManager Unauthenticated RCE
CVE-2024-47575CRITICALbajo ataque23 oct 2024
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2
100RIESGO
abrir
Metasploit300
OneDev Unauthenticated Arbitrary File Read
CVE-2024-45309HIGH19 oct 2024
OneDev vulnerable to arbitrary file reading for unauthenticated user
41RIESGO
abrir
Metasploit600
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
CVE-2024-5910CRITICALbajo ataque09 oct 2024
Expedition: Missing Authentication Leads to Admin Account Takeover
100RIESGO
abrir
Metasploit600
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
CVE-2024-24809HIGH09 oct 2024
Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type
48RIESGO
abrir
Metasploit600
Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection
CVE-2024-37404CRITICAL08 oct 2024
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Se
55RIESGO
abrir
Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
CVE-2024-47176MEDIUM26 sep 2024
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RIESGO
abrir
Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
CVE-2024-4717726 sep 2024
15RIESGO
abrir
Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
CVE-2024-47076HIGH26 sep 2024
libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
58RIESGO
abrir
Metasploit300
CUPS IPP Attributes LAN Remote Code Execution
CVE-2024-47175HIGH26 sep 2024
libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
48RIESGO
abrir
Metasploit300
WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
CVE-2024-43917CRITICAL25 sep 2024
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
68RIESGO
abrir
Metasploit300
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
CVE-2024-8522CRITICAL11 sep 2024
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
75RIESGO
abrir
Metasploit300
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
CVE-2024-8529CRITICAL11 sep 2024
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'
68RIESGO
abrir
Metasploit600
VICIdial Authenticated Remote Code Execution
CVE-2024-8504HIGH10 sep 2024
VICIdial Authenticated Remote Code Execution
58RIESGO
abrir
Metasploit300
Vicidial SQL Injection Time-based Admin Credentials Enumeration
CVE-2024-8503CRITICAL10 sep 2024
VICIdial Unauthenticated SQL Injection
85RIESGO
abrir
Metasploit600
SPIP BigUp Plugin Unauthenticated RCE
CVE-2024-8517CRITICAL06 sep 2024
SPIP Bigup Multipart File Upload OS Command Injection
85RIESGO
abrir
Metasploit600
Wordpress LiteSpeed Cache plugin cookie theft
CVE-2024-44000CRITICAL04 sep 2024
WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
85RIESGO
abrir
Metasploit300
WhatsUp Gold SQL Injection (CVE-2024-6670)
CVE-2024-6670CRITICALbajo ataqueransomware29 ago 2024
WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
100RIESGO
abrir
Metasploit600
Moodle Remote Code Execution (CVE-2024-43425)
CVE-2024-43425HIGH27 ago 2024
Moodle: remote code execution via calculated question types
78RIESGO
abrir
Metasploit600
GiveWP Unauthenticated Donation Process Exploit
CVE-2024-8353CRITICAL25 ago 2024
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
68RIESGO
abrir
Metasploit600
GiveWP Unauthenticated Donation Process Exploit
CVE-2024-5932CRITICAL25 ago 2024
GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution
85RIESGO
abrir
Metasploit600
Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)
CVE-2024-31214CRITICAL23 ago 2024
Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution
48RIESGO
abrir
Metasploit600
Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)
CVE-2024-24809HIGH23 ago 2024
Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type
48RIESGO
abrir
Metasploit300
SolarWinds Web Help Desk Backdoor (CVE-2024-28987)
CVE-2024-28987CRITICALbajo ataque22 ago 2024
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
100RIESGO
abrir
Metasploit600
SPIP Unauthenticated RCE via porte_plume Plugin
CVE-2024-7954CRITICAL16 ago 2024
SPIP porte_plume Plugin Arbitrary PHP Execution
85RIESGO
abrir
Metasploit600
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
CVE-2024-45256CRITICAL15 ago 2024
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overw
43RIESGO
abrir
Metasploit600
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
CVE-2024-45257HIGH15 ago 2024
A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbi
36RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.