Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.044exploits catalogados
31.616CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE
CVE-2025-66294HIGH01 dic 2025
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
36RIESGO
abrir
Metasploit600
Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE
CVE-2025-66301HIGH01 dic 2025
Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
36RIESGO
abrir
Metasploit300
GeoServer WMS GetMap XXE Arbitrary File Read
CVE-2025-58360HIGHbajo ataque25 nov 2025
GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
98RIESGO
abrir
Metasploit300
N-able N-Central Authentication Bypass and XXE Scanner
CVE-2025-11700HIGH17 nov 2025
N-central Multiple XXE Injection Vulnerabilities
68RIESGO
abrir
Metasploit300
N-able N-Central Authentication Bypass and XXE Scanner
CVE-2025-9316MEDIUM17 nov 2025
N-central unauthenticated sessionID generation
60RIESGO
abrir
Metasploit300
Fortinet FortiWeb create new local admin
CVE-2025-64446CRITICALbajo ataque14 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
Metasploit600
Fortinet FortiWeb unauthenticated RCE
CVE-2025-64446CRITICALbajo ataque14 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
Metasploit600
Fortinet FortiWeb unauthenticated RCE
CVE-2025-58034MEDIUMbajo ataque14 nov 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RIESGO
abrir
Metasploit600
FreePBX filestore authenticated command injection
CVE-2025-64328HIGHbajo ataque08 nov 2025
FreePBX Administration GUI is Vulnerable to Authenticated Command Injection
100RIESGO
abrir
Metasploit600
Monsta FTP downloadFile Remote Code Execution
CVE-2025-34299CRITICAL07 nov 2025
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RIESGO
abrir
Metasploit600
WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE
CVE-2025-11749CRITICAL04 nov 2025
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
85RIESGO
abrir
Metasploit600
WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE
CVE-2025-8489CRITICAL30 oct 2025
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
43RIESGO
abrir
Metasploit600
Taiga tribe_gig authenticated unserialize remote code execution
CVE-2025-62368CRITICAL28 oct 2025
Taiga Authenticated Remote Code Execution
43RIESGO
abrir
Metasploit600
Magento SessionReaper
CVE-2025-54236CRITICALbajo ataque22 oct 2025
Adobe Commerce | Improper Input Validation (CWE-20)
100RIESGO
abrir
Metasploit500
Windows Server Update Service Deserialization Remote Code Execution
CVE-2025-59287CRITICALbajo ataque14 oct 2025
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
SmarterTools SmarterMail GUID File Upload Vulnerability
CVE-2025-52691CRITICALbajo ataqueransomware09 oct 2025
Upload Arbitrary Files
100RIESGO
abrir
Metasploit600
Oracle E-Business Suite CVE-2025-61882 RCE
CVE-2025-61882CRITICALbajo ataqueransomware04 oct 2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RIESGO
abrir
Metasploit600
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter
CVE-2025-5946HIGH24 sep 2025
RCE via the poller reload feature available only to user with high privilege
41RIESGO
abrir
Metasploit600
Flowise JS Injection RCE
CVE-2025-59528CRITICAL13 sep 2025
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir
Metasploit600
Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)
CVE-2025-60787HIGH09 sep 2025
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir
Metasploit600
FreePBX ajax.php unauthenticated SQLi to RCE
CVE-2025-57819CRITICALbajo ataque28 ago 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
Metasploit600
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
CVE-2025-57791MEDIUM19 ago 2025
Argument Injection Vulnerability in CommServe
33RIESGO
abrir
Metasploit600
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
CVE-2025-57788MEDIUM19 ago 2025
Unauthorized API Access Risk
28RIESGO
abrir
Metasploit600
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
CVE-2025-57790HIGH19 ago 2025
Path Traversal Vulnerability
41RIESGO
abrir
Metasploit600
Flowise Custom MCP Remote Code Execution
CVE-2025-8943CRITICAL14 ago 2025
Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
65RIESGO
abrir
Metasploit400
Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE (time param)
CVE-2025-34152CRITICAL07 ago 2025
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RIESGO
abrir
Metasploit600
Grav CMS Admin Direct Install Authenticated Plugin Upload RCE
CVE-2025-50286HIGH07 ago 2025
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RIESGO
abrir
Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Template Import
CVE-2026-32985CRITICAL04 ago 2025
Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution
63RIESGO
abrir
Metasploit600
WordPress StoryChief Plugin Unauthenticated RCE
CVE-2025-7441CRITICAL04 ago 2025
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
Metasploit600
Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)
CVE-2025-34300CRITICAL16 jul 2025
Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
75RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.