Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
CVE-2026-53753 — Crawl4AI <0.8.7 unauthenticated RCE (AST sandbox escape via gi_frame.f_back). Lab + PoC, verified e2e.
CVE-2026-53753CRITICAL29 jun 2026
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RIESGO
abrir
VulnCheck XDB
local
CVE-2023-4911HIGHbajo ataque29 jun 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
GitHub PoC1
rootdirective-sec/CVE-2026-28496-Lab
CVE-2026-28496CRITICAL29 jun 2026
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RIESGO
abrir
GitHub PoC1
CVE-2026-48907 – Joomla JCE Unauthenticated Remote Code Execution (RCE)
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware29 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
xitexploiter96-dot/CVE-2026-48907-
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
CVE-2026-43503HIGH29 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-28496CRITICAL29 jun 2026
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALbajo ataque29 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC21
Python Proof of Concept for DirtyClone (CVE-2026-43503) - Linux kernel LPE via page-cache corruption
CVE-2026-43503HIGH29 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-3864629 jun 2026
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-20253CRITICALbajo ataque29 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC
HutTwoThreeFour/CVE-2026-5562-Exploit
CVE-2026-5562MEDIUM29 jun 2026
provectus kafka-ui Endpoint testexecutions validateAccess code injection
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
cve-2026-48907 scanner
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC1
iCagenda Unauthenticated File Upload to RCE
CVE-2026-48939CRITICALbajo ataque29 jun 2026
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
78RIESGO
abrir
GitHub PoC1
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
CVE-2026-49048HIGH28 jun 2026
Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
41RIESGO
abrir
GitHub PoC2
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
CVE-2026-43503HIGH28 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
GitHub PoC5
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
CVE-2026-46331HIGH28 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
CVE-2026-48908CRITICAL28 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC
POC for CVE-2026-41179
CVE-2026-41179CRITICAL28 jun 2026
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
63RIESGO
abrir
VulnCheck XDB
local
CVE-2023-0386HIGHbajo ataque28 jun 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RIESGO
abrir
GitHub PoC1
CVE-2026-12485
CVE-2026-12485CRITICAL28 jun 2026
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
48RIESGO
abrir
GitHub PoC
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE
CVE-2026-23918HIGH28 jun 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2020-7247CRITICALbajo ataque28 jun 2026
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RIESGO
abrir
GitHub PoC
Why-Shell/CVE-2026-38751
CVE-2026-38751HIGH28 jun 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RIESGO
abrir
GitHub PoC192
CVE-2026-41940 authentication bypass vulnerability proof-of-concept
CVE-2026-41940CRITICALbajo ataqueransomware28 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL28 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
anteriorpágina 13 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.