Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC
CVE-2026-54807 WooCommerce Privilege Escalation ║ ║ Unauthenticated Admin Role Assignment via Reg. Form
CVE-2026-54807CRITICAL26 jun 2026
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
48RIESGO
abrir
GitHub PoC
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
CVE-2026-33146MEDIUM26 jun 2026
Docmost's Public Share Search Exposes Metadata of Restricted Children
33RIESGO
abrir
GitHub PoC
Plane’s V2 asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user read, copy, delete, and overwrite assets in other workspaces.
CVE-2026-46558HIGH26 jun 2026
Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces
41RIESGO
abrir
GitHub PoC
fevar54/CVE-2026-20253-Splunk-Enterprise-Pre-Auth-RCE-
CVE-2026-20253CRITICALbajo ataque26 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC15
mooder1/dirtyclone-CVE-2026-43503
CVE-2026-43503HIGH26 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
GitHub PoC3
CVE-2026-20251 — Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) | ReactiveZero Security Research
CVE-2026-20251HIGH26 jun 2026
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
41RIESGO
abrir
GitHub PoC4
aexdyhaxor/CVE-2026-43503-DirtyClone
CVE-2026-43503HIGH26 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
GitHub PoC
Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.
CVE-2026-45806HIGH26 jun 2026
Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url
38RIESGO
abrir
GitHub PoC4
CVE-2026-8461
CVE-2026-8461HIGH26 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RIESGO
abrir
GitHub PoC
12hrformat/CVE-2026-35273-POC
CVE-2026-35273CRITICALbajo ataqueransomware26 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir
GitHub PoC
e-corp-demo/CVE-2026-44788
CVE-2026-44788MEDIUM26 jun 2026
SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)
33RIESGO
abrir
GitHub PoC
POC of CVE-2026-53075
CVE-2026-53075HIGH25 jun 2026
ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
41RIESGO
abrir
GitHub PoC24
CVE-2026-43503
CVE-2026-43503HIGH25 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
GitHub PoC
Squamity/CVE-2026-8181-PoC
CVE-2026-8181CRITICAL25 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC
7whyex/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALbajo ataqueransomware25 jun 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC1
CVE-2026-7574
CVE-2026-7574HIGH25 jun 2026
Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use
41RIESGO
abrir
GitHub PoC1
W5M1n9/Cisco-Unified-Communications-Manager-Server-Side-Forgery-Request-Vulnerability-CVE-2026-20230
CVE-2026-20230HIGH25 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RIESGO
abrir
GitHub PoC
CVE-2026-31431 getroot from a Turkish Cryptominer
CVE-2026-31431HIGHbajo ataque24 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2026-48908
CVE-2026-48908CRITICAL24 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
CVE-2026-48908CRITICAL24 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC
CVE-2026-48908 - SP Page Builder Joomla Unauthenticated RCE
CVE-2026-48908CRITICAL24 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC
Proof of Concept of CVE-2026-38526 in Krayin CRM <= v2.2.x. Arbitrary File Upload leading to Remote Code Execution
CVE-2026-38526CRITICAL24 jun 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir
GitHub PoC
CVE-2026-49777, CVE-2026-10735 - Draft
CVE-2026-49777CRITICAL24 jun 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RIESGO
abrir
GitHub PoC1
Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter | Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover
CVE-2026-12416CRITICAL24 jun 2026
Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter
48RIESGO
abrir
GitHub PoC1
CVE-2026-8461 - Draft
CVE-2026-8461HIGH24 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RIESGO
abrir
GitHub PoC13
Y5neKO/CVE-2026-8461-EXP
CVE-2026-8461HIGH24 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RIESGO
abrir
GitHub PoC1
Proof of concept for CVE-2026-56111, an out-of-bounds write in the M421 G-code handler of Marlin Firmware
CVE-2026-56111HIGH24 jun 2026
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
41RIESGO
abrir
GitHub PoC60
CVE-2026-45504 Microsoft Exchange File Read
CVE-2026-45504HIGH24 jun 2026
Microsoft Exchange Server Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC3
Proof of Concept (PoC) for the TP-Link DHCP Option 66 Unauthenticated RCE (CVE-2026-11834)
CVE-2026-11834HIGH23 jun 2026
Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers
41RIESGO
abrir
GitHub PoC1
A minimal PoC for CVE-2026-21018, demonstrating how it works
CVE-2026-21018MEDIUM23 jun 2026
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.