Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
BentoML's runner server RCE
Insecure Deserialization leads to RCE in BentoML's runner server
75RIESGO
abrir ↗Metasploit600
Langflow AI RCE
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RIESGO
abrir ↗Metasploit600
BentoML RCE
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
75RIESGO
abrir ↗Metasploit500
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7
100RIESGO
abrir ↗Metasploit300
Gladinet CentreStack/Triofox Path Traversal
Gladinet CentreStack and TrioFox Local File Inclusion Flaw
100RIESGO
abrir ↗Metasploit600
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
75RIESGO
abrir ↗Metasploit600
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the
100RIESGO
abrir ↗Metasploit600
Appsmith RCE
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image lea
43RIESGO
abrir ↗Metasploit600
WP User Registration and Membership Unauthenticated Privilege Escalation (CVE-2025-2563)
User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
68RIESGO
abrir ↗Metasploit300
Next.js Middleware Authorization Bypass Scanner
Authorization Bypass in Next.js Middleware
85RIESGO
abrir ↗Metasploit600
ICTBroadcast Unauthenticated Remote Code Execution
ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE
63RIESGO
abrir ↗Metasploit600
Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin
QuickShell Authenticated Command Injection
48RIESGO
abrir ↗Metasploit300
Sante PACS Server Path Traversal (CVE-2025-2264)
Santesoft Sante PACS Server Path Traversal Information Disclosure
48RIESGO
abrir ↗Metasploit600
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
78RIESGO
abrir ↗Metasploit600
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
75RIESGO
abrir ↗Metasploit300
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RIESGO
abrir ↗Metasploit600
Tomcat Partial PUT Java Deserialization
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir ↗Metasploit300
Xorcom CompletePBX Authenticated File Disclosure via Backup Download
Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
28RIESGO
abrir ↗Metasploit600
Xorcom CompletePBX Authenticated Command Injection via Task Scheduler
Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
36RIESGO
abrir ↗Metasploit300
Xorcom CompletePBX Arbitrary File Read and Deletion via systemDataFileName
Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
36RIESGO
abrir ↗Metasploit600
Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893)
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir ↗Metasploit600
SPIP Saisies Plugin Unauthenticated RCE
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RIESGO
abrir ↗Metasploit300
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
mySCADA myPRO Manager Missing Authentication for Critical Function
43RIESGO
abrir ↗Metasploit300
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
mySCADA myPRO Manager Cleartext Storage of Sensitive Information
43RIESGO
abrir ↗Metasploit300
Audiobookshelf Unauthenticated API Authentication Bypass Scanner
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
36RIESGO
abrir ↗Metasploit600
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Remote code execution in Wazuh server
100RIESGO
abrir ↗Metasploit600
InvokeAI RCE
Remote Code Execution via Model Deserialization in invoke-ai/invokeai
63RIESGO
abrir ↗Metasploit600
Unauthenticated RCE in NetAlertX
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because fun
75RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.