Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.163exploits catalogados
31.687CVEs con explotación pública
0probados en laboratorio
8069 exploits
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque16 nov 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-21479HIGHbajo ataque16 nov 2025
Incorrect Authorization in Graphics
71RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-33073HIGHbajo ataque15 nov 2025
Windows SMB Client Elevation of Privilege Vulnerability
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALbajo ataque15 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALbajo ataque15 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-33073HIGHbajo ataque14 nov 2025
Windows SMB Client Elevation of Privilege Vulnerability
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-11700HIGH14 nov 2025
N-central Multiple XXE Injection Vulnerabilities
68RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-64446CRITICALbajo ataque14 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALbajo ataque14 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALbajo ataque14 nov 2025
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-9316MEDIUM14 nov 2025
N-central unauthenticated sessionID generation
60RIESGO
abrir
VulnCheck XDB
local
CVE-2025-62215HIGHbajo ataque14 nov 2025
Windows Kernel Elevation of Privilege Vulnerability
71RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque13 nov 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
local
CVE-2025-7771HIGH13 nov 2025
Code Execution / Escalation of Privileges in ThrottleStop
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALbajo ataque13 nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-60710HIGHbajo ataque12 nov 2025
Host Process for Windows Tasks Elevation of Privilege Vulnerability
71RIESGO
abrir
VulnCheck XDB
client-side
CVE-2020-9802HIGH12 nov 2025
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, wa
41RIESGO
abrir
VulnCheck XDB
local
CVE-2025-60710HIGHbajo ataque11 nov 2025
Host Process for Windows Tasks Elevation of Privilege Vulnerability
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALbajo ataque11 nov 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2024-31982CRITICAL11 nov 2025
XWiki Platform: Remote code execution as guest via DatabaseSearch
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-48703CRITICALbajo ataque11 nov 2025
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-51378CRITICALbajo ataqueransomware11 nov 2025
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2023-3581311 nov 2025
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experi
60RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-34299CRITICAL10 nov 2025
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-11953CRITICALbajo ataque10 nov 2025
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2021-40438CRITICALbajo ataque09 nov 2025
mod_proxy SSRF
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque08 nov 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque08 nov 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-21042HIGHbajo ataque08 nov 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitra
76RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-11749CRITICAL08 nov 2025
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
85RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.