Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
initial-access
CVE-2025-34299CRITICAL10 nov 2025
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-11953CRITICALbajo ataque10 nov 2025
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2021-40438CRITICALbajo ataque09 nov 2025
mod_proxy SSRF
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-11749CRITICAL08 nov 2025
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
85RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-21042HIGHbajo ataque08 nov 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitra
76RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque08 nov 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque08 nov 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2020-5902CRITICALbajo ataqueransomware07 nov 2025
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-9491MEDIUM07 nov 2025
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability
45RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54782CRITICAL06 nov 2025
@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
75RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-64095CRITICAL06 nov 2025
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
75RIESGO
abrir
VulnCheck XDB
local
CVE-2019-2215HIGHbajo ataque06 nov 2025
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54236CRITICALbajo ataque06 nov 2025
Adobe Commerce | Improper Input Validation (CWE-20)
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-59287CRITICALbajo ataque06 nov 2025
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2024-21413CRITICALbajo ataque06 nov 2025
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2022-21587CRITICALbajo ataqueransomware06 nov 2025
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALbajo ataqueransomware05 nov 2025
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2020-14883HIGHbajo ataque05 nov 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-11953CRITICALbajo ataque05 nov 2025
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53690CRITICALbajo ataque05 nov 2025
Sitecore Products ViewState Deserialization Vulnerability
90RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-11953CRITICALbajo ataque04 nov 2025
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-5932CRITICAL04 nov 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2020-14882CRITICALbajo ataque04 nov 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque03 nov 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-59287CRITICALbajo ataque03 nov 2025
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque03 nov 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque02 nov 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-2011HIGH02 nov 2025
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
68RIESGO
abrir
VulnCheck XDB
local
CVE-2021-3560HIGHbajo ataque01 nov 2025
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2024-9047CRITICAL01 nov 2025
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
85RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.