Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.044exploits catalogados
31.616CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.077VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
Krayin CRM v2.2.x - Authenticated Remote Code Execution
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir ↗Exploit-DB
Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RIESGO
abrir ↗Exploit-DB
Hydra - Stack Buffer Overflow
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
41RIESGO
abrir ↗Exploit-DB
Tenable Nessus 10.12.1 - SQL Injection
SQL Injection in Nessus via Malicious Scan Result File Import
28RIESGO
abrir ↗Exploit-DB
Flowise 3.1.3 - arbitrary code execution
Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
28RIESGO
abrir ↗Exploit-DB
Discuz! X5.0 - Authentication Bypass
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RIESGO
abrir ↗Exploit-DB
Joomla Extension 4.1.4 - PHP Object injection
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
48RIESGO
abrir ↗Exploit-DB
WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir ↗Exploit-DB
KeepInMind 0.8.4.2 - Stored XSS
KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS
33RIESGO
abrir ↗Exploit-DB
Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
48RIESGO
abrir ↗Exploit-DB
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.e
41RIESGO
abrir ↗Exploit-DB
OpenEMR 7.0.2 - Arbitrary File Read
OpenEMR Arbitrary File Read Vulnerability
48RIESGO
abrir ↗Exploit-DB
Drupal Core 10.5.5 - Error-Based SQL Injection
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗Exploit-DB
WordPress OrderConvo 14 - Path Traversal
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RIESGO
abrir ↗Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir ↗Exploit-DB
Notepad++ 8.9.6 - Arbitrary Code Execution
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RIESGO
abrir ↗Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RIESGO
abrir ↗Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RIESGO
abrir ↗Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RIESGO
abrir ↗Exploit-DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RIESGO
abrir ↗Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗Exploit-DB
Langflow 1.3.0 - Remote Code Execution
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir ↗Exploit-DB
MikroORM 7.0.13 - SQL Injection
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RIESGO
abrir ↗Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CubeCart: Reflected XSS in Store Search Bar
33RIESGO
abrir ↗página 1 / 749siguiente →
Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.