Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
NetAlertX File Read Vulnerability
CVE-2024-48766HIGH30 ene 2025
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and
48RIESGO
abrir
Metasploit600
Cacti Graph Template authenticated RCE versions prior to 1.2.29
CVE-2025-24367HIGH27 ene 2025
Cacti allows Arbitrary File Creation leading to RCE
48RIESGO
abrir
Metasploit600
GestioIP 3.5.7 Remote Command Execution
CVE-2024-48760CRITICAL14 ene 2025
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke
75RIESGO
abrir
Metasploit300
Car Rental System 1.0 File Upload RCE (Authenticated)
CVE-2024-57487MEDIUM13 ene 2025
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types a
28RIESGO
abrir
Metasploit300
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
CVE-2024-57727CRITICALbajo ataqueransomware12 ene 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl
100RIESGO
abrir
Metasploit600
Remote Code Execution Vulnerability in Vvveb
CVE-2025-8518MEDIUM10 ene 2025
givanz Vvveb Code Editor code.php save code injection
28RIESGO
abrir
Metasploit600
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
CVE-2025-27218MEDIUM06 ene 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through
60RIESGO
abrir
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2025-3096CRITICAL04 ene 2025
Clinics Patient Management System SQL Injection
43RIESGO
abrir
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2022-2297MEDIUM04 ene 2025
SourceCodester Clinics Patient Management System unrestricted upload
28RIESGO
abrir
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48455LOW27 dic 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
23RIESGO
abrir
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48456HIGH27 dic 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
41RIESGO
abrir
Metasploit600
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
CVE-2024-48457HIGH27 dic 2024
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi
36RIESGO
abrir
Metasploit600
Windows Cloud File Mini Filer Driver Heap Overflow
CVE-2024-30085HIGH19 dic 2024
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RIESGO
abrir
Metasploit600
Craft CMS Twig Template Injection RCE via FTP Templates Path
CVE-2024-56145CRITICALbajo ataque19 dic 2024
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
100RIESGO
abrir
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2025-1094HIGH16 dic 2024
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RIESGO
abrir
Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVE-2024-12356CRITICALbajo ataque16 dic 2024
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
95RIESGO
abrir
Metasploit600
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
CVE-2024-55555HIGH13 dic 2024
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_
36RIESGO
abrir
Metasploit600
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
CVE-2024-55556CRITICAL13 dic 2024
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote com
55RIESGO
abrir
Metasploit600
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
CVE-2024-55956CRITICALbajo ataqueransomware09 dic 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can impo
95RIESGO
abrir
Metasploit300
LINQPad Deserialization
CVE-2024-53326HIGH03 dic 2024
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(
36RIESGO
abrir
Metasploit600
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
CVE-2024-11320MEDIUM21 nov 2024
Command Injection leading to RCE via LDAP Misconfiguration
50RIESGO
abrir
Metasploit600
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
CVE-2024-47407CRITICAL21 nov 2024
mySCADA myPRO OS Command Injection
55RIESGO
abrir
Metasploit500
Ubuntu needrestart Privilege Escalation
CVE-2024-48990HIGH19 nov 2024
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tric
41RIESGO
abrir
Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
CVE-2024-9474MEDIUMbajo ataqueransomware18 nov 2024
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
100RIESGO
abrir
Metasploit600
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
CVE-2024-0012CRITICALbajo ataqueransomware18 nov 2024
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
100RIESGO
abrir
Metasploit600
LibreNMS Authenticated RCE (CVE-2024-51092)
CVE-2024-51092CRITICAL15 nov 2024
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutContr
43RIESGO
abrir
Metasploit600
WordPress WP Time Capsule Arbitrary File Upload to RCE
CVE-2024-8856CRITICAL15 nov 2024
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RIESGO
abrir
Metasploit600
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
CVE-2024-10924CRITICAL14 nov 2024
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
85RIESGO
abrir
Metasploit600
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
CVE-2024-28397MEDIUM28 oct 2024
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RIESGO
abrir
Metasploit600
Prison Management System 1.0 Authenticated RCE via Unrestricted File Upload
CVE-2024-48594HIGH28 oct 2024
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the f
36RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.