Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.063exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.086 exploits
GitHub PoC
Saku0512/CVE-2026-54686-poc
Warp: DCS lifecycle hook spoofing can alter terminal session metadata
33RIESGO
abrir ↗GitHub PoC
CVE-2026-50751 Mass Scanner
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir ↗GitHub PoC
CVE-2025-49844 exploit script
Redis Lua Use-After-Free may lead to remote code execution
85RIESGO
abrir ↗GitHub PoC★ 4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC
CVE-2026-47101, CVE-2026-47102, CVE-2026-40217
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RIESGO
abrir ↗GitHub PoC★ 8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RIESGO
abrir ↗GitHub PoC★ 2
DylanZahedi/CVE-2026-9277
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RIESGO
abrir ↗GitHub PoC
ElianGonzi00/CVE-2025-2783
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir ↗GitHub PoC★ 1
This repository documents CVE-2026-48849, a Stored Cross-Site Scripting (XSS), HTML Injection, and CSS Injection vulnerability discovered in Roundcube Webmai
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored valu
33RIESGO
abrir ↗GitHub PoC★ 4
HTTP.sys Denial of Service Vulnerability & HTTP.sys Remote Code Execution Vulnerability
HTTP.sys Denial of Service Vulnerability
53RIESGO
abrir ↗GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
Research and analysis of the ServiceNow Virtual Agent vulnerability (CVE-2025-12420), including attack flow, MITRE ATT&CK mapping, detection strategies, and mitigation recommendations.
Unauthenticated Privilege Escalation in ServiceNow AI Platform
60RIESGO
abrir ↗GitHub PoC
CVE-2026-38812 RuoYi v4.8.2 SQL Injection
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generatio
48RIESGO
abrir ↗GitHub PoC
ikarolaborda/CVE-2026-40176
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RIESGO
abrir ↗GitHub PoC
webapp vulnerable to CVE-2021-44228
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir ↗GitHub PoC★ 3
PoC exploit for CVE-2026-53519.
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
48RIESGO
abrir ↗GitHub PoC
webshellseo8/CVE-2026-53787-POC-
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RIESGO
abrir ↗GitHub PoC★ 1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
Xz: malicious code in distributed source
70RIESGO
abrir ↗GitHub PoC
CVE-2026-20253 - Splunk Enterprise
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir ↗GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2017-0144
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗GitHub PoC
rohit-sundar/cve-2026-23744
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir ↗GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir ↗GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC
CVE-2026-20127
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir ↗GitHub PoC★ 4
CVE-2026-20245
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RIESGO
abrir ↗GitHub PoC★ 1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
Unbounded resend loop in BIND 9 resolver
33RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.