Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Camaleon CMS Directory Traversal CVE-2024-46987
CVE-2024-46987HIGH08 ago 2024
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir
Metasploit500
Asterisk AMI Originate Authenticated RCE
CVE-2024-42365HIGH08 ago 2024
Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
36RIESGO
abrir
Metasploit300
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
CVE-2024-7593CRITICALbajo ataque05 ago 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remo
100RIESGO
abrir
Metasploit600
Calibre Python Code Injection (CVE-2024-6782)
CVE-2024-6782CRITICAL31 jul 2024
Calibre Remote Code Execution
85RIESGO
abrir
Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
CVE-2024-2961HIGH26 jul 2024
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RIESGO
abrir
Metasploit600
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
CVE-2024-34102CRITICALbajo ataque26 jul 2024
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir
Metasploit600
Acronis Cyber Infrastructure default password remote code execution
CVE-2023-45249CRITICALbajo ataque24 jul 2024
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastruct
85RIESGO
abrir
Metasploit300
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
CVE-2024-20419CRITICAL20 jul 2024
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauth
85RIESGO
abrir
Metasploit600
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
CVE-2024-11680CRITICALbajo ataque19 jul 2024
ProjectSend Unauthenticated Configuration Modification
100RIESGO
abrir
Metasploit600
Authenticated RCE in Splunk (splunk_archiver app)
CVE-2024-36985HIGH01 jul 2024
Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
36RIESGO
abrir
Metasploit600
Geoserver unauthenticated Remote Code Execution
CVE-2024-36401CRITICALbajo ataque01 jul 2024
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
Metasploit300
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
CVE-2024-5806CRITICAL25 jun 2024
MOVEit Transfer Authentication Bypass Vulnerability
85RIESGO
abrir
Metasploit300
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
CVE-2024-5276CRITICAL25 jun 2024
SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)
65RIESGO
abrir
Metasploit500
vCenter Sudo Privilege Escalation
CVE-2024-37081HIGH18 jun 2024
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An auth
36RIESGO
abrir
Metasploit300
Magento XXE Unserialize Arbitrary File Read
CVE-2024-34102CRITICALbajo ataque11 jun 2024
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir
Metasploit600
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
CVE-2024-30038HIGH11 jun 2024
Win32k Elevation of Privilege Vulnerability
36RIESGO
abrir
Metasploit600
Windows Access Mode Mismatch LPE in ks.sys
CVE-2024-35250HIGHbajo ataque11 jun 2024
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RIESGO
abrir
Metasploit600
PHP CGI Argument Injection Remote Code Execution
CVE-2024-4577CRITICALbajo ataqueransomware06 jun 2024
Argument Injection in PHP-CGI
100RIESGO
abrir
Metasploit300
Telerik Report Server Auth Bypass
CVE-2024-4358CRITICALbajo ataque04 jun 2024
Registration Authentication Bypass Vulnerability
100RIESGO
abrir
Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
CVE-2024-4358CRITICALbajo ataque04 jun 2024
Registration Authentication Bypass Vulnerability
100RIESGO
abrir
Metasploit600
Telerik Report Server Auth Bypass and Deserialization RCE
CVE-2024-1800CRITICAL04 jun 2024
Progress Telerik Report Server Deserialization
55RIESGO
abrir
Metasploit0
macOS PackageKit ZSH Environment Privilege Escalation
CVE-2024-27822HIGH03 jun 2024
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to
36RIESGO
abrir
Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
CVE-2024-32113CRITICALbajo ataque30 may 2024
Apache OFBiz: Path traversal leading to RCE
100RIESGO
abrir
Metasploit600
Apache OFBiz forgotPassword/ProgramExport RCE
CVE-2024-38856HIGHbajo ataque30 may 2024
Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
100RIESGO
abrir
Metasploit600
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
CVE-2024-23692CRITICALbajo ataque25 may 2024
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RIESGO
abrir
Metasploit300
Ivanti EPM RecordGoodApp SQLi RCE
CVE-2024-29824CRITICALbajo ataque24 may 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated att
100RIESGO
abrir
Metasploit600
WordPress Hash Form Plugin RCE
CVE-2024-5084CRITICAL23 may 2024
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
75RIESGO
abrir
Metasploit600
Atlassian Confluence Administrator Code Macro Remote Code Execution
CVE-2024-21683HIGH21 may 2024
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and
78RIESGO
abrir
Metasploit600
Cacti Import Packages RCE
CVE-2024-25641CRITICAL12 may 2024
Cacti RCE vulnerability when importing packages
85RIESGO
abrir
Metasploit600
DIAEnergie SQL Injection (CVE-2024-4548)
CVE-2024-4548CRITICAL06 may 2024
Delta Electronics DIAEnergie SQL Injection
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.