Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
8069 exploits
VulnCheck XDB
initial-access
CVE-2025-59287CRITICALbajo ataque09 mar 2026
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2026-25253HIGH09 mar 2026
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically mak
41RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-33073HIGHbajo ataque09 mar 2026
Windows SMB Client Elevation of Privilege Vulnerability
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-20198CRITICALbajo ataque08 mar 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque08 mar 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-6440CRITICAL08 mar 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2020-1350CRITICALbajo ataque07 mar 2026
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-20122MEDIUMbajo ataque07 mar 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-27372CRITICAL07 mar 2026
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque07 mar 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
local
CVE-2023-21746HIGH06 mar 2026
Windows NTLM Elevation of Privilege Vulnerability
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware06 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-398006 mar 2026
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to
23RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque05 mar 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
local
CVE-2022-0185HIGHbajo ataque05 mar 2026
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-20122MEDIUMbajo ataque04 mar 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
63RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2021-2291104 mar 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque03 mar 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque03 mar 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-33044CRITICALbajo ataque03 mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2024-23897CRITICALbajo ataqueransomware03 mar 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2024-2961HIGH03 mar 2026
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-71257MEDIUM03 mar 2026
BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-1357CRITICAL02 mar 2026
Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-43529HIGHbajo ataque02 mar 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2025-62215HIGHbajo ataque02 mar 2026
Windows Kernel Elevation of Privilege Vulnerability
71RIESGO
abrir
VulnCheck XDB
local
CVE-2023-4911HIGHbajo ataque02 mar 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHbajo ataque02 mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-3395MEDIUM02 mar 2026
MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
33RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-58034MEDIUMbajo ataque02 mar 2026
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.