Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
19.791 exploits
Referência
CVE-2026-9815
MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
33RIESGO
abrir
Referência
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RIESGO
abrir
Referência
CVE-2026-8383
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
48RIESGO
abrir
Referência
CVE-2026-8089
weMail < 2.1.3 - Reflected Cross-Site Scripting
41RIESGO
abrir
Referência
CVE-2026-55706
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values f
33RIESGO
abrir
Referência
CVE-2025-54236
CVE-2025-54236CRITICALbajo ataque
Adobe Commerce | Improper Input Validation (CWE-20)
100RIESGO
abrir
Referência
CVE-2021-22502
CVE-2021-22502CRITICALbajo ataque
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RIESGO
abrir
Referência
CVE-2025-20281
CVE-2025-20281CRITICALbajo ataque
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
100RIESGO
abrir
Referência
CVE-2025-25257
CVE-2025-25257CRITICALbajo ataque
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
Referência64
FortiWeb CVE-2025-25257 exploit
CVE-2025-25257CRITICALbajo ataque
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
Referência
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
CVE-2025-25257CRITICALbajo ataque
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
Referência
CVE-2020-25223
CVE-2020-25223CRITICALbajo ataque
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511
100RIESGO
abrir
Referência
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RIESGO
abrir
Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RIESGO
abrir
Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir
Referência
CVE-2019-9194
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir
Referência
CVE-2023-33246
CVE-2023-33246CRITICALbajo ataque
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RIESGO
abrir
Referência
CVE-2023-33246
CVE-2023-33246CRITICALbajo ataque
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RIESGO
abrir
Referência104
CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit
CVE-2023-33246CRITICALbajo ataque
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
100RIESGO
abrir
Referência
CVE-2009-0927
CVE-2009-0927HIGHbajo ataque
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows r
100RIESGO
abrir
Referência
CVE-2023-46747
CVE-2023-46747CRITICALbajo ataqueransomware
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
100RIESGO
abrir
Referência
CVE-2020-8260
CVE-2020-8260HIGHbajo ataque
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform
100RIESGO
abrir
Referência
CVE-2020-11651
CVE-2020-11651CRITICALbajo ataque
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Referência
CVE-2020-11651
CVE-2020-11651CRITICALbajo ataque
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Referência
CVE-2017-17562
CVE-2017-17562HIGHbajo ataque
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RIESGO
abrir
Referência
CVE-2026-7229
code-projects Coaching Management System POST reply.php sql injection
33RIESGO
abrir
Referência
CVE-2018-20250
CVE-2018-20250HIGHbajo ataqueransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RIESGO
abrir
Referência
CVE-2018-20250
CVE-2018-20250HIGHbajo ataqueransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RIESGO
abrir
Referência
CVE-2018-20250
CVE-2018-20250HIGHbajo ataqueransomware
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RIESGO
abrir
Referência
CVE-2021-25298
CVE-2021-25298HIGHbajo ataque
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.