Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.053exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
PivotX Remote Code Execution
CVE-2025-52367MEDIUM10 jul 2025
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the
48RIESGO
abrir
Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
CVE-2025-53771MEDIUM08 jul 2025
Microsoft SharePoint Server Spoofing Vulnerability
50RIESGO
abrir
Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
CVE-2025-53770CRITICALbajo ataqueransomware08 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
CVE-2025-49704HIGHbajo ataqueransomware08 jul 2025
Microsoft SharePoint Remote Code Execution Vulnerability
88RIESGO
abrir
Metasploit600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
CVE-2025-49706MEDIUMbajo ataqueransomware08 jul 2025
Microsoft SharePoint Server Spoofing Vulnerability
100RIESGO
abrir
Metasploit600
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
CVE-2025-47812CRITICALbajo ataque30 jun 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
Metasploit300
Sudo Chroot 1.9.17 Privilege Escalation
CVE-2025-32463CRITICALbajo ataque30 jun 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
Metasploit300
Marvell QConvergeConsole Path Traversal (CVE-2025-6793)
CVE-2025-6793CRITICAL27 jun 2025
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
48RIESGO
abrir
Metasploit600
PandoraFMS Netflow Authenticated Remote Code Execution
CVE-2025-5306HIGH27 jun 2025
Command Injection in Netflow path
41RIESGO
abrir
Metasploit300
Multiple Brother devices authentication bypass via default administrator password generation
CVE-2024-51977MEDIUM25 jun 2025
Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.
70RIESGO
abrir
Metasploit300
Multiple Brother devices authentication bypass via default administrator password generation
CVE-2024-51978CRITICAL25 jun 2025
Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.
68RIESGO
abrir
Metasploit600
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
CVE-2025-34510HIGH17 jun 2025
Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip
36RIESGO
abrir
Metasploit600
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
CVE-2025-34511HIGH17 jun 2025
Sitecore PowerShell Extension RCE via Unrestricted Upload
36RIESGO
abrir
Metasploit300
CVE-2025-33053 Exploit via Malicious .URL File and WebDAV
CVE-2025-33053HIGHbajo ataque11 jun 2025
Internet Shortcut Files Remote Code Execution Vulnerability
100RIESGO
abrir
Metasploit600
Pandora ITSM authenticated command injection leading to RCE via the backup function
CVE-2025-4653HIGH10 jun 2025
Remote Code Execution leads to Command Injection
36RIESGO
abrir
Metasploit600
n8n Workflow Expression Remote Code Execution
CVE-2025-68613CRITICALbajo ataque10 jun 2025
n8n Vulnerable to Remote Code Execution via Expression Injection
100RIESGO
abrir
Metasploit300
Listmonk Insecure Sprig Template Functions Environment Disclosure
CVE-2025-49136CRITICAL08 jun 2025
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
43RIESGO
abrir
Metasploit600
Skyvern SSTI Remote Code Execution
CVE-2025-49619HIGH07 jun 2025
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks suc
61RIESGO
abrir
Metasploit600
Roundcube Post-Auth RCE via PHP Object Deserialization
CVE-2025-49113CRITICALbajo ataque02 jun 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RIESGO
abrir
Metasploit300
Remote for Mac Unauthenticated RCE
CVE-2025-34089CRITICAL27 may 2025
Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection
63RIESGO
abrir
Metasploit600
vBulletin replaceAdTemplate Remote Code Execution
CVE-2025-48827CRITICAL23 may 2025
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers'
75RIESGO
abrir
Metasploit600
vBulletin replaceAdTemplate Remote Code Execution
CVE-2025-48828CRITICAL23 may 2025
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the t
75RIESGO
abrir
Metasploit600
Invision Community 5.0.6 customCss RCE
CVE-2025-47916CRITICAL16 may 2025
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RIESGO
abrir
Metasploit600
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
CVE-2025-4428HIGHbajo ataque13 may 2025
Remote Code Execution
100RIESGO
abrir
Metasploit600
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
CVE-2025-4427MEDIUMbajo ataque13 may 2025
Authentication Bypass
100RIESGO
abrir
Metasploit300
WordPress Depicter Plugin SQL Injection (CVE-2025-2011)
CVE-2025-2011HIGH08 may 2025
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
68RIESGO
abrir
Metasploit600
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
CVE-2024-7399HIGHbajo ataque30 abr 2025
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
100RIESGO
abrir
Metasploit600
Erlang OTP Pre-Auth RCE Scanner and Exploit
CVE-2025-32433CRITICALbajo ataque16 abr 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
Metasploit600
Craft CMS Image Transform Preauth RCE (CVE-2025-32432)
CVE-2025-32432CRITICALbajo ataque14 abr 2025
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
Metasploit600
Web-Check Screenshot API Command Injection RCE
CVE-2025-32778CRITICAL12 abr 2025
Web-Check allows command Injection via Unvalidated URL in Screenshot API
68RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.