Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
8069 exploits
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware31 ene 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque30 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-21858CRITICAL30 ene 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-11707HIGHbajo ataque29 ene 2026
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-40554CRITICAL29 ene 2026
SolarWinds Web Help Desk Authentication Bypass Vulnerability
75RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2025-5419HIGHbajo ataque29 ene 2026
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl
71RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2017-7921CRITICALbajo ataque28 ene 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque28 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque28 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0920CRITICAL28 ene 2026
LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-2449928 ene 2026
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque27 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2026-21509HIGHbajo ataque27 ene 2026
Microsoft Office Security Feature Bypass Vulnerability
93RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALbajo ataque27 ene 2026
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware27 ene 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque27 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque27 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque27 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2026-25253HIGH27 ene 2026
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically mak
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-50498CRITICAL27 ene 2026
WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque26 ene 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
local
CVE-2023-3881726 ene 2026
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to th
23RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALbajo ataque26 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALbajo ataque26 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2009-310326 ene 2026
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Window
60RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALbajo ataque25 ene 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2021-33044CRITICALbajo ataque25 ene 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RIESGO
abrir
VulnCheck XDB
local
CVE-2015-2291HIGHbajo ataqueransomware25 ene 2026
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows all
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-60021CRITICAL25 ene 2026
Apache bRPC: Remote command injection vulnerability in heap builtin service
53RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-9978MEDIUMbajo ataque25 ene 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.