Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.181exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
8078 exploits
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALbajo ataque19 jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2024-20767HIGHbajo ataque19 jul 2025
ColdFusion | Improper Access Control (CWE-284)
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALbajo ataque19 jul 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-31161CRITICALbajo ataqueransomware19 jul 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque18 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
local
CVE-2021-3156HIGHbajo ataque18 jul 2025
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALbajo ataque18 jul 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-47176HIGH18 jul 2025
Microsoft Outlook Remote Code Execution Vulnerability
41RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque17 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-47812CRITICALbajo ataque17 jul 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque16 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALbajo ataque16 jul 2025
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALbajo ataqueransomware16 jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-4577CRITICALbajo ataqueransomware16 jul 2025
Argument Injection in PHP-CGI
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque16 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-48384HIGHbajo ataque16 jul 2025
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALbajo ataqueransomware15 jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque15 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALbajo ataque15 jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2018-1261315 jul 2025
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALbajo ataqueransomware15 jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-48827CRITICAL14 jul 2025
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers'
85RIESGO
abrir
VulnCheck XDB
client-side
CVE-2025-44136CRITICAL14 jul 2025
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an e
63RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-44137HIGH14 jul 2025
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is resp
56RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque14 jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-536014 jul 2025
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-52488HIGH14 jul 2025
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
68RIESGO
abrir
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL14 jul 2025
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALbajo ataque14 jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-7340CRITICAL14 jul 2025
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.