Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.044exploits catalogados
31.616CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.077VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
NiceGUI 3.6.1 - Path Traversal
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
41RIESGO
abrir ↗Exploit-DB
Js2Py 0.74 - RCE
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RIESGO
abrir ↗Exploit-DB
Windows 11 25H2 - Heap Overflow
Windows Hyper-V Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
Windows 11 25H2 - Heap Overflow
Windows Hyper-V Remote Code Execution Vulnerability
41RIESGO
abrir ↗Exploit-DB
FUXA 1.2.8 - Authentication Bypass + RCE Exploit
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera
48RIESGO
abrir ↗Exploit-DB
Repetier-Server 1.4.10 - Path Traversal
Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
48RIESGO
abrir ↗Exploit-DB
Erugo 0.2.14 - Remote Code Execution (RCE)
Authenticated Remote Code Execution via Arbitrary File Upload
48RIESGO
abrir ↗Exploit-DB
Frigate NVR 0.16.3 - Remote Code Execution
Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
48RIESGO
abrir ↗Exploit-DB
Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir ↗Exploit-DB
HUSTOJ Zip-Slip v26.01.24 - RCE
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
63RIESGO
abrir ↗Exploit-DB
SUSE Manager 4.3.15 - Code Execution
SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
53RIESGO
abrir ↗Exploit-DB
Python-Multipart 0.0.22 - Path Traversal
Python-Multipart has Arbitrary File Write via Non-Default Configuration
41RIESGO
abrir ↗Exploit-DB
Camaleon CMS v2.9.0 - Path Traversal
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir ↗Exploit-DB
Windows 11 23H2 - Denial of Service (DoS)
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
41RIESGO
abrir ↗Exploit-DB
JUNG Smart Visu Server 1.1.1050 - Dos
JUNG Smart Visu Server 1.1.1050 - 'JUNG Smart Visu Server' Missing Authentication
41RIESGO
abrir ↗Exploit-DB
GeographicLib v2.5.1 - stack buffer overflow
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
41RIESGO
abrir ↗Exploit-DB
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)
Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)
41RIESGO
abrir ↗Exploit-DB
LangChain Core 1.2.4 - SSTI/RCE
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
53RIESGO
abrir ↗Exploit-DB
phpMyFAQ 4.0.16 - Improper Authorization
phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user
33RIESGO
abrir ↗Exploit-DB
GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir ↗Exploit-DB
HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
41RIESGO
abrir ↗Exploit-DB
Atlona ATOMERX21 - Authenticated Command Injection
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary comm
33RIESGO
abrir ↗Exploit-DB
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
Code Execution / Escalation of Privileges in ThrottleStop
41RIESGO
abrir ↗Exploit-DB
React Server 19.2.0 - Remote Code Execution
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗Exploit-DB
xibocms 3.3.4 - RCE
Xibo CMS vulnerable to Remote Code Execution through Zip Slip
41RIESGO
abrir ↗Exploit-DB
Microsoft MMC MSC EvilTwin - Local Admin Creation
Microsoft Management Console Security Feature Bypass Vulnerability
83RIESGO
abrir ↗Exploit-DB
FortiWeb 8.0.2 - Remote Code Execution
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir ↗Exploit-DB
7-Zip 24.00 - Directory Traversal
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.