Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.053exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
FortiWeb 8.0.2 - Remote Code Execution
CVE-2025-64446CRITICALbajo ataque08 abr 2026
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
Exploit-DB
Fortinet FortiWeb v8.0.1 - Auth Bypass
CVE-2025-64446CRITICALbajo ataque06 abr 2026
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
Exploit-DB
Windows Kernel - Elevation of Privilege
CVE-2025-62215HIGHbajo ataque06 abr 2026
Windows Kernel Elevation of Privilege Vulnerability
71RIESGO
abrir
Exploit-DB
ASP.net 8.0.10 - Bypass
CVE-2025-55315CRITICAL06 abr 2026
ASP.NET Security Feature Bypass Vulnerability
60RIESGO
abrir
Exploit-DB
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
CVE-2025-59254HIGH06 abr 2026
Microsoft DWM Core Library Elevation of Privilege Vulnerability
41RIESGO
abrir
Exploit-DB
Boss Mini v1.4.0 - Local File Inclusion (LFI)
CVE-2023-3643HIGH03 mar 2026
Boss Mini document file inclusion
78RIESGO
abrir
Exploit-DB
WordPress Backup Migration 1.3.7 - Remote Command Execution
CVE-2023-6553CRITICAL03 mar 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
Exploit-DB
mailcow 2025-01a - Host Header Password Reset Poisoning
CVE-2025-25198HIGH03 mar 2026
mailcow: dockerized vulnerable to password reset poisoning
41RIESGO
abrir
Exploit-DB
motionEye 0.43.1b4 - RCE
CVE-2025-60787HIGH11 feb 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir
Exploit-DB
Docker Desktop 4.44.3 - Unauthenticated API Exposure
CVE-2025-9074CRITICAL04 feb 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir
Exploit-DB
OctoPrint 1.11.2 - File Upload
CVE-2025-58180HIGH04 feb 2026
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
46RIESGO
abrir
Exploit-DB
Siklu EtherHaul Series EH-8010 - Remote Command Execution
CVE-2025-57174CRITICAL17 ene 2026
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and p
48RIESGO
abrir
Exploit-DB
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558HIGH25 dic 2025
Remote code execution via ND6 Router Advertisements
56RIESGO
abrir
Exploit-DB
esm-dev 136 - Path Traversal
CVE-2025-59342MEDIUM16 dic 2025
esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
48RIESGO
abrir
Exploit-DB
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-1173608 dic 2025
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute a
23RIESGO
abrir
Exploit-DB
phpIPAM 1.4 - SQL-Injection
CVE-2019-1669303 dic 2025
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
23RIESGO
abrir
Exploit-DB
Django 5.1.13 - SQL Injection
CVE-2025-64459CRITICAL03 dic 2025
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RIESGO
abrir
Exploit-DB
phpMyAdmin 5.0.0 - SQL Injection
CVE-2020-550403 dic 2025
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could
35RIESGO
abrir
Exploit-DB
phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
CVE-2017-1573503 dic 2025
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
23RIESGO
abrir
Exploit-DB
phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
CVE-2017-1580803 dic 2025
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
23RIESGO
abrir
Exploit-DB
OpenRepeater 2.1 - OS Command Injection
CVE-2019-2502403 dic 2025
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_sy
28RIESGO
abrir
Exploit-DB
phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
CVE-2017-1573403 dic 2025
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
23RIESGO
abrir
Exploit-DB
openSIS Community Edition 8.0 - SQL Injection
CVE-2021-4061703 dic 2025
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
23RIESGO
abrir
Exploit-DB
RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
CVE-2020-1571603 dic 2025
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php scrip
23RIESGO
abrir
Exploit-DB
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
CVE-2020-1571803 dic 2025
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc
38RIESGO
abrir
Exploit-DB
PluckCMS 4.7.10 - Unrestricted File Upload
CVE-2020-20969HIGH03 dic 2025
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_resto
41RIESGO
abrir
Exploit-DB
MaNGOSWebV4 4.0.6 - Reflected XSS
CVE-2017-647803 dic 2025
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
38RIESGO
abrir
Exploit-DB
MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
CVE-2018-25080LOW03 dic 2025
MobileDetect Example session_example.php initLayoutType cross site scripting
28RIESGO
abrir
Exploit-DB
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
CVE-2022-0088LOW02 dic 2025
Cross-Site Request Forgery (CSRF) in yourls/yourls
28RIESGO
abrir
Exploit-DB
phpIPAM 1.5.1 - SQL Injection
CVE-2023-1211HIGH02 dic 2025
SQL Injection in phpipam/phpipam
41RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.