Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir
Referência
CVE-2016-7089
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifco
23RIESGO
abrir
Referência
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RIESGO
abrir
Referência
CVE-2026-7730
privsim mcp-test-runner MCP index.ts child_process.spawn os command injection
33RIESGO
abrir
Referência
CVE-2026-7729
pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery
33RIESGO
abrir
Referência
CVE-2026-7728
ryanjoachim mcp-rtfm MCP update_doc path traversal
33RIESGO
abrir
Referência
CVE-2026-56115
Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass
41RIESGO
abrir
Referência
CVE-2026-7725
PrefectHQ prefect GitRepository Pull storage.py argument injection
33RIESGO
abrir
Referência
CVE-2026-7724
PrefectHQ prefect Webhook/Notification validate_restricted_url toctou
28RIESGO
abrir
Referência
CVE-2026-4110
Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list
33RIESGO
abrir
Referência
CVE-2026-10530
Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token
33RIESGO
abrir
Referência
CVE-2018-5189
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain syste
23RIESGO
abrir
Referência
CVE-2026-7712
MindsDB Pickle pickle.loads deserialization
33RIESGO
abrir
Referência
CVE-2026-7711
MindsDB Engine proc_wrapper.py exec unrestricted upload
33RIESGO
abrir
Referência
CVE-2026-7709
janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization
33RIESGO
abrir
Referência
CVE-2026-7708
Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service
33RIESGO
abrir
Referência
CVE-2019-25749
Joomla J-CruisePortal 6.0.4 SQL Injection via cruises
41RIESGO
abrir
Referência
CVE-2026-7672
youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
33RIESGO
abrir
Referência
CVE-2026-7671
CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication
33RIESGO
abrir
Referência
CVE-2026-7669
sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection
33RIESGO
abrir
Referência
CVE-2026-7669
sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection
33RIESGO
abrir
Referência
CVE-2026-7668
MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
33RIESGO
abrir
Referência
CVE-2026-7653
r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
33RIESGO
abrir
Referência
CVE-2026-7645
ruvnet sublinear-time-solver MCP server.js export_state path traversal
33RIESGO
abrir
Referência
CVE-2016-1611
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.
23RIESGO
abrir
Referência
CVE-2026-7384
ezequiroga mcp-bases research_server.py search_papers path traversal
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.