Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
TeamPass 3.0.0.21 - SQL Injection
CVE-2023-1545HIGH22 mar 2025
SQL Injection in nilsteampassnet/teampass
41RIESGO
abrir
Exploit-DB
JUX Real Estate 3.4.0 - SQL Injection
CVE-2025-2126MEDIUM20 mar 2025
JoomlaUX JUX Real Estate GET Parameter realties sql injection
33RIESGO
abrir
Exploit-DB
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
CVE-2023-015919 mar 2025
Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
50RIESGO
abrir
Exploit-DB
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
CVE-2023-4220HIGH18 mar 2025
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RIESGO
abrir
Exploit-DB
Devika v1 - Path Traversal via 'snapshot_path'
CVE-2024-40422CRITICAL04 ago 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path tr
68RIESGO
abrir
Exploit-DB
SolarWinds Platform 2024.1 SR1 - Race Condition
CVE-2024-28999MEDIUM26 jun 2024
SolarWinds Platform Race Condition Vulnerability
38RIESGO
abrir
Exploit-DB
htmlLawed 1.2.5 - Remote Code Execution (RCE)
CVE-2022-35914CRITICALbajo ataque19 may 2024
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
100RIESGO
abrir
Exploit-DB
Wordpress Theme XStore 9.3.8 - SQLi
CVE-2024-33559CRITICAL19 may 2024
WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability
48RIESGO
abrir
Exploit-DB
Apache OFBiz 18.12.12 - Directory Traversal
CVE-2024-32113CRITICALbajo ataque19 may 2024
Apache OFBiz: Path traversal leading to RCE
100RIESGO
abrir
Exploit-DB
Apache mod_proxy_cluster 1.2.6 - Stored XSS
CVE-2023-6710MEDIUM13 may 2024
Mod_cluster/mod_proxy_cluster: stored cross site scripting
33RIESGO
abrir
Exploit-DB
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
CVE-2024-3400CRITICALbajo ataqueransomware21 abr 2024
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir
Exploit-DB
Laravel Framework 11 - Credential Leakage
CVE-2024-2929121 abr 2024
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/log
23RIESGO
abrir
Exploit-DB
OpenClinic GA 5.247.01 - Information Disclosure
CVE-2023-40278HIGH15 abr 2024
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the pr
41RIESGO
abrir
Exploit-DB
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
CVE-2023-40279HIGH15 abr 2024
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page param
41RIESGO
abrir
Exploit-DB
Jenkins 2.441 - Local File Inclusion
CVE-2024-23897CRITICALbajo ataqueransomware15 abr 2024
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
Exploit-DB
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
CVE-2024-31777CRITICAL12 abr 2024
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted fil
48RIESGO
abrir
Exploit-DB
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
CVE-2023-6019CRITICAL12 abr 2024
Ray Command Injection in cpu_profile Parameter
85RIESGO
abrir
Exploit-DB
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
CVE-2024-24747HIGH12 abr 2024
MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
53RIESGO
abrir
Exploit-DB
Casdoor < v1.331.0 - '/api/set-password' CSRF
CVE-2023-3492702 abr 2024
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RIESGO
abrir
Exploit-DB
Daily Habit Tracker 1.0 - SQL Injection
CVE-2024-24495CRITICAL02 abr 2024
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbit
48RIESGO
abrir
Exploit-DB
Gibbon LMS v26.0.00 - SSTI vulnerability
CVE-2024-24724CRITICAL02 abr 2024
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re
53RIESGO
abrir
Exploit-DB
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
CVE-2024-24494MEDIUM02 abr 2024
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via t
38RIESGO
abrir
Exploit-DB
Axigen < 10.5.7 - Persistent Cross-Site Scripting
CVE-2023-48974CRITICAL02 abr 2024
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges
48RIESGO
abrir
Exploit-DB
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
CVE-2024-21338HIGHbajo ataqueransomware02 abr 2024
Windows Kernel Elevation of Privilege Vulnerability
83RIESGO
abrir
Exploit-DB
Daily Habit Tracker 1.0 - Broken Access Control
CVE-2024-24496CRITICAL02 abr 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php,
53RIESGO
abrir
Exploit-DB
GL-iNet MT6000 4.5.5 - Arbitrary File Download
CVE-2024-27356HIGH02 abr 2024
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially
46RIESGO
abrir
Exploit-DB
Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
CVE-2023-4602420 mar 2024
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers
23RIESGO
abrir
Exploit-DB
Employee Management System 1.0 - 'admin_id' SQLi
CVE-2024-28595CRITICAL20 mar 2024
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the ad
48RIESGO
abrir
Exploit-DB
HNAS SMU 14.8.7825 - Information Disclosure
CVE-2023-6538HIGH20 mar 2024
System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
41RIESGO
abrir
Exploit-DB
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
CVE-2024-25004HIGH14 mar 2024
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
41RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.