Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
initial-access
CVE-2014-6287CRITICALbajo ataque16 sep 2025
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2017-9822HIGHbajo ataqueransomware15 sep 2025
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALbajo ataqueransomware15 sep 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-1261115 sep 2025
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque14 sep 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
local
CVE-2025-48543HIGHbajo ataque14 sep 2025
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use aft
71RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALbajo ataque14 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALbajo ataque13 sep 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque13 sep 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware13 sep 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
local
CVE-2021-3493HIGHbajo ataque13 sep 2025
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque13 sep 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALbajo ataque12 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-4123HIGH12 sep 2025
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire
78RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL11 sep 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
local
CVE-2022-0847HIGHbajo ataque11 sep 2025
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHbajo ataque11 sep 2025
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-18935CRITICALbajo ataqueransomware11 sep 2025
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque10 sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-31161CRITICALbajo ataqueransomware10 sep 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2024-23897CRITICALbajo ataqueransomware10 sep 2025
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-42957CRITICAL10 sep 2025
Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque10 sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2018-11776HIGHbajo ataque09 sep 2025
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALbajo ataqueransomware09 sep 2025
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALbajo ataque08 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALbajo ataque08 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-21333HIGHbajo ataque08 sep 2025
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-30208MEDIUM08 sep 2025
Vite bypasses server.fs.deny when using `?raw??`
70RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque07 sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.