Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.105exploits catalogados
31.648CVEs con explotación pública
0probados en laboratorio
8069 exploits
VulnCheck XDB
initial-access
CVE-2019-023219 mar 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque18 mar 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware18 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2025-29824HIGHbajo ataqueransomware17 mar 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2021-41773HIGHbajo ataqueransomware16 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-9805HIGHbajo ataque16 mar 2026
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALbajo ataqueransomware16 mar 2026
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALbajo ataqueransomware15 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHbajo ataqueransomware15 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-27944CRITICAL14 mar 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALbajo ataqueransomware13 mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-49844CRITICAL13 mar 2026
Redis Lua Use-After-Free may lead to remote code execution
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-12057CRITICAL13 mar 2026
WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload
48RIESGO
abrir
VulnCheck XDB
client-side
CVE-2024-23222HIGHbajo ataque13 mar 2026
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.
76RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-47176MEDIUM13 mar 2026
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware12 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2026-21509HIGHbajo ataque12 mar 2026
Microsoft Office Security Feature Bypass Vulnerability
93RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALbajo ataqueransomware12 mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALbajo ataqueransomware12 mar 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALbajo ataqueransomware12 mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-31816CRITICAL12 mar 2026
Budibase Universal Auth Bypass via Webhook Query Param Injection
68RIESGO
abrir
VulnCheck XDB
local
CVE-2024-21338HIGHbajo ataqueransomware11 mar 2026
Windows Kernel Elevation of Privilege Vulnerability
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-6329CRITICAL11 mar 2026
Control iD iDSecure passwordCustom Authentication Bypass
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-10068CRITICALbajo ataque11 mar 2026
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-27944CRITICAL10 mar 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-59287CRITICALbajo ataque09 mar 2026
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.