Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.002exploits catalogados
31.582CVEs con explotación pública
19.780 exploits
Referência
CVE-2026-56111
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
41RIESGO
abrir
Referência
CVE-2026-9710
Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure
41RIESGO
abrir
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir
Referência
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir
Referência
CVE-2020-14883
CVE-2020-14883HIGHbajo ataque
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RIESGO
abrir
Referência
CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which all
60RIESGO
abrir
Referência
CVE-2020-17519
CVE-2020-17519CRITICALbajo ataque
Apache Flink directory traversal attack: reading remote files through the REST API
100RIESGO
abrir
Referência
CVE-2010-1653
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! a
43RIESGO
abrir
Referência
CVE-2023-6553
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
Referência
CVE-2020-11738
CVE-2020-11738HIGHbajo ataque
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RIESGO
abrir
Referência
CVE-2020-11738
CVE-2020-11738HIGHbajo ataque
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RIESGO
abrir
Referência
CVE-2023-38831
CVE-2023-38831HIGHbajo ataqueransomware
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
Referência
CVE-2022-21661
SQL injection in WordPress
78RIESGO
abrir
Referência
CVE-2026-7740
justdan96 tsMuxer vvc.cpp setFPS denial of service
33RIESGO
abrir
Referência
CVE-2026-7739
justdan96 tsMuxer hevc.cpp setFPS denial of service
33RIESGO
abrir
Referência
CVE-2026-7738
puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
33RIESGO
abrir
Referência
CVE-2018-15745
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RIESGO
abrir
Referência
CVE-2018-15745
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RIESGO
abrir
Referência
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RIESGO
abrir
Referência
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RIESGO
abrir
Referência
CVE-2025-32433
CVE-2025-32433CRITICALbajo ataque
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
Referência
CVE-2016-7621
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchO
23RIESGO
abrir
Referência
CVE-2019-19781
CVE-2019-19781CRITICALbajo ataqueransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RIESGO
abrir
Referência
CVE-2026-7732
code-projects BloodBank Managing System request_blood.php unrestricted upload
33RIESGO
abrir
Referência
CVE-2022-43769
CVE-2022-43769HIGHbajo ataque
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RIESGO
abrir
Referência
CVE-2015-7450
CVE-2015-7450CRITICALbajo ataque
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RIESGO
abrir
Referência
CVE-2023-0315
Command Injection in froxlor/froxlor
78RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.