Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
22.467 exploits
Exploit-DB
macOS LaunchDaemon iOS 17.2 - Privilege Escalation
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, i
83RIESGO
abrir ↗Exploit-DB
Apache Tomcat 10.1.39 - Denial of Service (DoS)
Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
53RIESGO
abrir ↗Exploit-DB
Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
Scripting Engine Memory Corruption Vulnerability
76RIESGO
abrir ↗Exploit-DB
Grandstream GSD3710 1.0.11.13 - Stack Overflow
Grandstream GSD3710 Stack-based Buffer Overflow
48RIESGO
abrir ↗Exploit-DB
WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing
53RIESGO
abrir ↗Exploit-DB
Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
Authentication Bypass in GoAnywhere MFT
85RIESGO
abrir ↗Exploit-DB
Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
Microsoft Windows File Explorer Spoofing Vulnerability
38RIESGO
abrir ↗Exploit-DB
SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
SolarWinds Serv-U L Directory Transversal Vulnerability
100RIESGO
abrir ↗Exploit-DB
Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
Grandstream GSD3710 Stack-based Buffer Overflow
48RIESGO
abrir ↗Exploit-DB
WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
User Registration & Membership < 4.1.3 - Authentication Bypass
41RIESGO
abrir ↗Exploit-DB
Java-springboot-codebase 1.1 - Arbitrary File Read
Unauthenticated Arbitrary File Read via Absolute Path
56RIESGO
abrir ↗Exploit-DB
CrushFTP 11.3.1 - Authentication Bypass
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RIESGO
abrir ↗Exploit-DB
Invision Community 5.0.6 - Remote Code Execution (RCE)
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RIESGO
abrir ↗Exploit-DB
TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow
41RIESGO
abrir ↗Exploit-DB
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover
63RIESGO
abrir ↗Exploit-DB
Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uplo
41RIESGO
abrir ↗Exploit-DB
SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
75RIESGO
abrir ↗Exploit-DB
Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
33RIESGO
abrir ↗Exploit-DB
WordPress Depicter Plugin 3.6.1 - SQL Injection
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
68RIESGO
abrir ↗Exploit-DB
Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
33RIESGO
abrir ↗Exploit-DB
Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
NTLM Hash Disclosure Spoofing Vulnerability
75RIESGO
abrir ↗Exploit-DB
unzip-stream 0.3.1 - Arbitrary File Write
Arbitrary File Write via artifact extraction in actions/artifact
41RIESGO
abrir ↗Exploit-DB
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted
41RIESGO
abrir ↗Exploit-DB
FoxCMS 1.2.5 - Remote Code Execution (RCE)
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.htm
75RIESGO
abrir ↗Exploit-DB
Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
75RIESGO
abrir ↗Exploit-DB
Langflow 1.3.0 - Remote Code Execution (RCE)
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RIESGO
abrir ↗Exploit-DB
Inventio Lite 4 - SQL Injection
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action
48RIESGO
abrir ↗Exploit-DB
KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
61RIESGO
abrir ↗Exploit-DB
UJCMS 9.6.3 - User Enumeration via IDOR
Dromara UJCMS User ID id authorization
33RIESGO
abrir ↗Exploit-DB
Apache Commons Text 1.10.0 - Remote Code Execution
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.