Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)
CVE-2024-41357HIGH02 dic 2025
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
41RIESGO
abrir
Exploit-DB
phpIPAM 1.5.1 - SQL Injection
CVE-2023-1211HIGH02 dic 2025
SQL Injection in phpipam/phpipam
41RIESGO
abrir
Exploit-DB
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
CVE-2022-0088LOW02 dic 2025
Cross-Site Request Forgery (CSRF) in yourls/yourls
28RIESGO
abrir
Exploit-DB
Piwigo 13.6.0 - SQL Injection
CVE-2023-33362CRITICAL02 dic 2025
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
48RIESGO
abrir
Exploit-DB
Flowise 3.0.4 - Remote Code Execution (RCE)
CVE-2025-59528CRITICAL31 oct 2025
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir
Exploit-DB
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
CVE-2023-3492729 oct 2025
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RIESGO
abrir
Exploit-DB
HTTP/2 2.0 - Denial Of Service (DOS)
CVE-2023-44487HIGHbajo ataque16 sep 2025
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RIESGO
abrir
Exploit-DB
ClipBucket 5.5.0 - Arbitrary File Upload
CVE-2025-55912HIGH16 sep 2025
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in
41RIESGO
abrir
Exploit-DB
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
CVE-2025-24893CRITICALbajo ataque16 sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
Exploit-DB
Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)
CVE-2023-3492716 sep 2025
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo
23RIESGO
abrir
Exploit-DB
HTMLDOC 1.9.13 - Stack Buffer Overflow
CVE-2021-4357916 sep 2025
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim co
23RIESGO
abrir
Exploit-DB
Tourism Management System 2.0 - Arbitrary Shell Upload
CVE-2025-57642HIGH16 sep 2025
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP she
41RIESGO
abrir
Exploit-DB
Mbed TLS 3.6.4 - Use-After-Free
CVE-2025-47917HIGH16 sep 2025
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance wit
41RIESGO
abrir
Exploit-DB
dotCMS 25.07.02-1 - Authenticated Blind SQL Injection
CVE-2025-8311CRITICAL16 sep 2025
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpo
48RIESGO
abrir
Exploit-DB
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
CVE-2025-6082MEDIUM26 ago 2025
Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
33RIESGO
abrir
Exploit-DB
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
CVE-2025-4427MEDIUMbajo ataque26 ago 2025
Authentication Bypass
100RIESGO
abrir
Exploit-DB
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
CVE-2025-26264HIGH26 ago 2025
GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerabili
46RIESGO
abrir
Exploit-DB
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
CVE-2025-26263MEDIUM26 ago 2025
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to cred
33RIESGO
abrir
Exploit-DB
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
CVE-2025-7441CRITICAL26 ago 2025
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
Exploit-DB
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
CVE-2024-28623MEDIUM18 ago 2025
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_sec
48RIESGO
abrir
Exploit-DB
PHPMyAdmin 3.0 - Bruteforce Login Bypass
CVE-2015-683018 ago 2025
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allo
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
CVE-2025-50154MEDIUM18 ago 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RIESGO
abrir
Exploit-DB
Tenda AC20 16.03.08.12 - Command Injection
CVE-2025-9090MEDIUM18 ago 2025
Tenda AC20 Telnet Service telnet websFormDefine command injection
38RIESGO
abrir
Exploit-DB
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
CVE-2025-7766HIGH18 ago 2025
Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
41RIESGO
abrir
Exploit-DB
BigAnt Office Messenger 5.6.06 - SQL Injection
CVE-2024-54761MEDIUM18 ago 2025
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
33RIESGO
abrir
Exploit-DB
ServiceNow Multiple Versions - Input Validation & Template Injection
CVE-2024-4879CRITICALbajo ataque11 ago 2025
Jelly Template Injection Vulnerability in ServiceNow UI Macros
100RIESGO
abrir
Exploit-DB
JetBrains TeamCity 2023.11.4 - Authentication Bypass
CVE-2024-27198CRITICALbajo ataqueransomware11 ago 2025
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir
Exploit-DB
Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure
CVE-2025-5777CRITICALbajo ataqueransomware11 ago 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir
Exploit-DB
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
CVE-2025-8730CRITICAL11 ago 2025
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials
48RIESGO
abrir
Exploit-DB
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
CVE-2025-2783HIGHbajo ataque11 ago 2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.