Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque29 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware28 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-32429CRITICAL28 jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware28 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-2294CRITICAL28 jul 2025
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque28 jul 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware27 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-5638CRITICALbajo ataqueransomware27 jul 2025
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-47812CRITICALbajo ataque27 jul 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-32429CRITICAL26 jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALbajo ataque26 jul 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware25 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-27372CRITICAL25 jul 2025
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2014-6271CRITICALbajo ataque25 jul 2025
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware25 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-32429CRITICAL25 jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54782CRITICAL25 jul 2025
@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
75RIESGO
abrir
VulnCheck XDB
client-side
CVE-2023-23397CRITICALbajo ataque25 jul 2025
Microsoft Outlook Elevation of Privilege Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-1302CRITICAL24 jul 2025
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware24 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2024-23897CRITICALbajo ataqueransomware24 jul 2025
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-6558HIGHbajo ataque24 jul 2025
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote at
71RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALbajo ataqueransomware24 jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware23 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-53770CRITICALbajo ataqueransomware23 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALbajo ataqueransomware23 jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-45046CRITICALbajo ataqueransomware23 jul 2025
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2024-4947CRITICALbajo ataque23 jul 2025
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32756CRITICALbajo ataque23 jul 2025
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCa
90RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-27363HIGHbajo ataque23 jul 2025
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when
76RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.