Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
infoleak
CVE-2025-2294CRITICAL24 sep 2025
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque24 sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque23 sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALbajo ataque23 sep 2025
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2020-3452HIGHbajo ataque23 sep 2025
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2024-21413CRITICALbajo ataque23 sep 2025
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-282523 sep 2025
35RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALbajo ataque22 sep 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-6933HIGH22 sep 2025
Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-34152CRITICAL21 sep 2025
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL21 sep 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2018-13379CRITICALbajo ataqueransomware21 sep 2025
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALbajo ataque21 sep 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALbajo ataqueransomware21 sep 2025
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque20 sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL20 sep 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque20 sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALbajo ataque19 sep 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALbajo ataque18 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque18 sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29306CRITICAL18 sep 2025
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.htm
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-30258CRITICAL18 sep 2025
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALbajo ataqueransomware17 sep 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2010-124017 sep 2025
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of
60RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL17 sep 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
local
CVE-2021-22600MEDIUMbajo ataque17 sep 2025
Double Free in net/packet/af_packet.c leading to priviledge escalation
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-1709CRITICALbajo ataqueransomware16 sep 2025
Authentication bypass using an alternate path or channel
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-24799HIGH16 sep 2025
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-1708HIGHbajo ataqueransomware16 sep 2025
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-3396CRITICALbajo ataqueransomware16 sep 2025
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.