Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
initial-access
CVE-2024-53677CRITICAL01 sep 2025
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-34300CRITICAL01 sep 2025
Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-11357CRITICALbajo ataqueransomware01 sep 2025
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which a
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24813CRITICALbajo ataque31 ago 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHbajo ataqueransomware31 ago 2025
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2015-925131 ago 2025
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed wi
28RIESGO
abrir
VulnCheck XDB
local
CVE-2025-7771HIGH31 ago 2025
Code Execution / Escalation of Privileges in ThrottleStop
41RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2024-48307CRITICAL31 ago 2025
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalD
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2019-3396CRITICALbajo ataqueransomware30 ago 2025
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-9841CRITICALbajo ataque30 ago 2025
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALbajo ataque29 ago 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALbajo ataque29 ago 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-34040CRITICAL29 ago 2025
Seeyon Zhiyuan OA System Path Traversal File Upload
68RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque28 ago 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-12877CRITICAL28 ago 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
48RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL28 ago 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALbajo ataque28 ago 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque28 ago 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque27 ago 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque27 ago 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque27 ago 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque27 ago 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque27 ago 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
local
CVE-2018-19323CRITICALbajo ataqueransomware27 ago 2025
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque26 ago 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-34030CRITICAL26 ago 2025
sar2html OS Command Injection
75RIESGO
abrir
VulnCheck XDB
local
CVE-2019-6693MEDIUMbajo ataqueransomware26 ago 2025
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacke
63RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-8088HIGHbajo ataque26 ago 2025
Path traversal vulnerability in WinRAR
93RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque26 ago 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-5419HIGHbajo ataque25 ago 2025
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl
71RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.