Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit400
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
CVE-2023-28252HIGHbajo ataqueransomware11 abr 2023
Windows Common Log File System Driver Elevation of Privilege Vulnerability
98RIESGO
abrir
Metasploit300
Jasmin Ransomware Web Server Unauthenticated SQL Injection
CVE-2025-6095MEDIUM08 abr 2023
codesiddhant Jasmin Ransomware checklogin.php sql injection
28RIESGO
abrir
Metasploit300
Jasmin Ransomware Web Server Unauthenticated Directory Traversal
CVE-2024-30851MEDIUM08 abr 2023
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive infor
28RIESGO
abrir
Metasploit300
ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download
CVE-2023-27856HIGH05 abr 2023
Rockwell Automation ThinManager ThinServer Path Traversal Download
58RIESGO
abrir
Metasploit300
ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload
CVE-2023-27855CRITICAL05 abr 2023
Rockwell Automation ThinManager ThinServer Path Traversal Upload
48RIESGO
abrir
Metasploit600
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
CVE-2022-43939HIGHbajo ataque04 abr 2023
Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions
100RIESGO
abrir
Metasploit600
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
CVE-2022-43769HIGHbajo ataque04 abr 2023
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
100RIESGO
abrir
Metasploit500
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
CVE-2023-28771CRITICALbajo ataque31 mar 2023
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware vers
100RIESGO
abrir
Metasploit600
Nextcloud Workflows Remote Code Execution
CVE-2023-26482CRITICAL30 mar 2023
Scope of workflow operations is not validated in nextcloud server
63RIESGO
abrir
Metasploit400
Rocket Software Unidata udadmin_server Stack Buffer Overflow in Password
CVE-2023-28502CRITICAL30 mar 2023
Stack buffer overflow in UniRPC's udadmin_server service
75RIESGO
abrir
Metasploit600
Rocket Software Unidata udadmin_server Authentication Bypass
CVE-2023-28503CRITICAL30 mar 2023
Authentication bypass in UniRPC's udadmin service
75RIESGO
abrir
Metasploit300
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
CVE-2023-2812122 mar 2023
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to s
60RIESGO
abrir
Metasploit600
Local Privilege Escalation via CVE-2023-0386
CVE-2023-0386HIGHbajo ataque22 mar 2023
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RIESGO
abrir
Metasploit300
MinIO Bootstrap Verify Information Disclosure
CVE-2023-28432HIGHbajo ataque20 mar 2023
Minio Information Disclosure in Cluster Deployment
100RIESGO
abrir
Metasploit600
pfSense Restore RRD Data Command Injection
CVE-2023-2725318 mar 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RIESGO
abrir
Metasploit600
Adobe ColdFusion Unauthenticated Remote Code Execution
CVE-2023-26360HIGHbajo ataque14 mar 2023
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RIESGO
abrir
Metasploit300
Dolibarr 16 pre-auth contact database dump
CVE-2023-3356814 mar 2023
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's
23RIESGO
abrir
Metasploit600
Lexmark Device Embedded Web Server RCE
CVE-2023-26068CRITICAL13 mar 2023
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
68RIESGO
abrir
Metasploit600
PaperCut PaperCutNG Authentication Bypass
CVE-2023-27350CRITICALbajo ataqueransomware13 mar 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir
Metasploit300
Pretalx Arbitrary File Read/Limited File Write
CVE-2023-28459MEDIUM07 mar 2023
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload craft
28RIESGO
abrir
Metasploit600
Pretalx Limited File Write to Remote Code Execution
CVE-2023-28458MEDIUM07 mar 2023
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the over
28RIESGO
abrir
Metasploit300
Pretalx Arbitrary File Read/Limited File Write
CVE-2023-28458MEDIUM07 mar 2023
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the over
28RIESGO
abrir
Metasploit600
SPIP form PHP Injection
CVE-2023-27372CRITICAL27 feb 2023
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir
Metasploit600
ZoneMinder Snapshots Command Injection
CVE-2023-26035HIGH24 feb 2023
ZoneMinder vulnerable to Missing Authorization
58RIESGO
abrir
Metasploit300
RPyC 4.1.0 through 4.1.1 Remote Command Execution
CVE-2019-1632819 feb 2023
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure
23RIESGO
abrir
Metasploit600
Fortinet FortiNAC keyUpload.jsp arbitrary file write
CVE-2022-39952CRITICAL16 feb 2023
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8
85RIESGO
abrir
Metasploit600
Lucee Authenticated Scheduled Job Code Execution
CVE-2025-34074CRITICAL10 feb 2023
Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
63RIESGO
abrir
Metasploit600
Apache Druid JNDI Injection RCE
CVE-2023-25194HIGH07 feb 2023
Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
78RIESGO
abrir
Metasploit600
Fortra GoAnywhere MFT Unsafe Deserialization RCE
CVE-2023-0669HIGHbajo ataqueransomware01 feb 2023
Fortra GoAnywhere MFT License Response Servlet Command Injection
100RIESGO
abrir
Metasploit300
Joomla API Improper Access Checks
CVE-2023-23752MEDIUMbajo ataque01 feb 2023
[20230201] - Core - Improper access check in webservice endpoints
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.