Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
CVE-2024-8856CRITICAL06 abr 2025
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RIESGO
abrir
Exploit-DB
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
CVE-2024-5910CRITICALbajo ataque06 abr 2025
Expedition: Missing Authentication Leads to Admin Account Takeover
100RIESGO
abrir
Exploit-DB
DataEase 2.4.0 - Database Configuration Information Exposure
CVE-2024-30269MEDIUM06 abr 2025
DataEase has database configuration information exposure vulnerability
53RIESGO
abrir
Exploit-DB
Watcharr 1.43.0 - Remote Code Execution (RCE)
CVE-2024-48827HIGH06 abr 2025
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the
41RIESGO
abrir
Exploit-DB
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
CVE-2023-536005 abr 2025
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
Exploit-DB
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
CVE-2024-35133MEDIUM05 abr 2025
IBM Security Verify Access HTTP open redirect
33RIESGO
abrir
Exploit-DB
Next.js Middleware 15.2.2 - Authorization Bypass
CVE-2025-29927CRITICAL05 abr 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
Exploit-DB
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
CVE-2025-2294CRITICAL05 abr 2025
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RIESGO
abrir
Exploit-DB
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
CVE-2024-1234MEDIUM05 abr 2025
Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
33RIESGO
abrir
Exploit-DB
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
CVE-2024-42640CRITICAL04 abr 2025
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Explo
75RIESGO
abrir
Exploit-DB
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
CVE-2024-9054HIGH04 abr 2025
Remote code Execution inTimeProvider® 4100
46RIESGO
abrir
Exploit-DB
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
CVE-2024-38200MEDIUM03 abr 2025
Microsoft Office Spoofing Vulnerability
38RIESGO
abrir
Exploit-DB
Vite 6.2.2 - Arbitrary File Read
CVE-2025-30208MEDIUM03 abr 2025
Vite bypasses server.fs.deny when using `?raw??`
70RIESGO
abrir
Exploit-DB
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
CVE-2024-4007HIGH03 abr 2025
Hard coded default credential contained in install package
41RIESGO
abrir
Exploit-DB
AppSmith 1.47 - Remote Code Execution (RCE)
CVE-2024-55963MEDIUM03 abr 2025
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the
38RIESGO
abrir
Exploit-DB
Webmin Usermin 2.100 - Username Enumeration
CVE-2024-44762MEDIUM03 abr 2025
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid
48RIESGO
abrir
Exploit-DB
Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
CVE-2024-42831MEDIUM02 abr 2025
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to ex
33RIESGO
abrir
Exploit-DB
SAP NetWeaver - 7.53 - HTTP Request Smuggling
CVE-2022-22536CRITICALbajo ataque02 abr 2025
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and
100RIESGO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
CVE-2024-6209CRITICAL02 abr 2025
unauthorized file access
53RIESGO
abrir
Exploit-DB
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
CVE-2024-6298CRITICAL02 abr 2025
remote code execution
53RIESGO
abrir
Exploit-DB
XWiki Standard 14.10 - Remote Code Execution (RCE)
CVE-2023-48292CRITICAL29 mar 2025
XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
53RIESGO
abrir
Exploit-DB
Litespeed Cache 6.5.0.1 - Authentication Bypass
CVE-2024-44000CRITICAL28 mar 2025
WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
85RIESGO
abrir
Exploit-DB
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
CVE-2024-4358CRITICALbajo ataque28 mar 2025
Registration Authentication Bypass Vulnerability
100RIESGO
abrir
Exploit-DB
CodeCanyon RISE CRM 3.7.0 - SQL Injection
CVE-2024-8945MEDIUM28 mar 2025
CodeCanyon RISE Ultimate Project Manager save sql injection
38RIESGO
abrir
Exploit-DB
Sonatype Nexus Repository 3.53.0-01 - Path Traversal
CVE-2024-4956HIGH28 mar 2025
Nexus Repository 3 - Path Traversal
61RIESGO
abrir
Exploit-DB
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
CVE-2024-23692CRITICALbajo ataque28 mar 2025
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RIESGO
abrir
Exploit-DB
KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
CVE-2024-46528MEDIUM27 mar 2025
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSp
33RIESGO
abrir
Exploit-DB
MoziloCMS 3.0 - Remote Code Execution (RCE)
CVE-2024-44871HIGH27 mar 2025
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute a
46RIESGO
abrir
Exploit-DB
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
CVE-2024-0132CRITICAL26 mar 2025
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
60RIESGO
abrir
Exploit-DB
Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
CVE-2024-21320MEDIUM22 mar 2025
Windows Themes Spoofing Vulnerability
38RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.