Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
local
CVE-2025-7771HIGH07 sep 2025
Code Execution / Escalation of Privileges in ThrottleStop
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque07 sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2008-4250CRITICALbajo ataque06 sep 2025
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 20
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2008-4250CRITICALbajo ataque06 sep 2025
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 20
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-54309CRITICALbajo ataque06 sep 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-58443CRITICAL06 sep 2025
FOG's authentication bypass leads to full SQL DB dump
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-22515CRITICALbajo ataqueransomware06 sep 2025
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALbajo ataqueransomware05 sep 2025
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque05 sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque05 sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-1055MEDIUM04 sep 2025
K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2020-7961CRITICALbajo ataque04 sep 2025
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-5016404 sep 2025
Apache Struts: File upload component had a directory traversal vulnerability
45RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALbajo ataque04 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque04 sep 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware04 sep 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
local
CVE-2024-1086HIGHbajo ataqueransomware04 sep 2025
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-53772HIGH04 sep 2025
Web Deploy Remote Code Execution Vulnerability
46RIESGO
abrir
VulnCheck XDB
local
CVE-2025-6019HIGH03 sep 2025
Libblockdev: lpe from allow_active to root in libblockdev via udisks
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALbajo ataque03 sep 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque03 sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
local
CVE-2015-132803 sep 2025
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALbajo ataqueransomware03 sep 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-51568CRITICAL02 sep 2025
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecut
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-18935CRITICALbajo ataqueransomware01 sep 2025
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-53677CRITICAL01 sep 2025
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-9841CRITICALbajo ataque01 sep 2025
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-11317CRITICALbajo ataque01 sep 2025
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2018-1920701 sep 2025
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to exe
60RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALbajo ataque01 sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.