Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.046exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.079VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
8060 exploits
VulnCheck XDB
initial-access
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RIESGO
abrir ↗VulnCheck XDB
info-leak
Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
56RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RIESGO
abrir ↗VulnCheck XDB
initial-access
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RIESGO
abrir ↗VulnCheck XDB
initial-access
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RIESGO
abrir ↗VulnCheck XDB
initial-access
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RIESGO
abrir ↗VulnCheck XDB
client-side
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir ↗VulnCheck XDB
initial-access
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗VulnCheck XDB
initial-access
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RIESGO
abrir ↗VulnCheck XDB
info-leak
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
68RIESGO
abrir ↗VulnCheck XDB
initial-access
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RIESGO
abrir ↗VulnCheck XDB
local
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
41RIESGO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗VulnCheck XDB
initial-access
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RIESGO
abrir ↗VulnCheck XDB
initial-access
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.