Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
VulnCheck XDB
local
CVE-2021-4034HIGHbajo ataque22 jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC13
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
CVE-2026-48908CRITICAL22 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2023-23752MEDIUMbajo ataque21 jun 2026
[20230201] - Core - Improper access check in webservice endpoints
100RIESGO
abrir
GitHub PoC
1fox23/CVE-2026-32202
CVE-2026-32202MEDIUMbajo ataque21 jun 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
GitHub PoC
Luisbuilds-data/cve-2024-1086-writeup
CVE-2024-1086HIGHbajo ataqueransomware21 jun 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
VulnCheck XDB
local
CVE-2025-32463CRITICALbajo ataque21 jun 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
GitHub PoC
POC for CVE-2025-24071
CVE-2025-24071MEDIUM21 jun 2026
Microsoft Windows File Explorer Spoofing Vulnerability
38RIESGO
abrir
GitHub PoC
webshellseo8/CVE-2026-48908-POC
CVE-2026-48908CRITICAL21 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC23
CVE-2026-48909 PoC
CVE-2026-48909CRITICAL21 jun 2026
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL21 jun 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque21 jun 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2025-24071MEDIUM21 jun 2026
Microsoft Windows File Explorer Spoofing Vulnerability
38RIESGO
abrir
GitHub PoC
JFrog AppTrust lifecycle policy enforcement demo — shows release gate blocking CVE-2022-22965 (Spring4Shell) with waiver request flow
CVE-2022-22965CRITICALbajo ataque21 jun 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
GitHub PoC
POC for CVE-2025-24893
CVE-2025-24893CRITICALbajo ataque21 jun 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
GitHub PoC
POC for CVE-2025-29927
CVE-2025-29927CRITICAL21 jun 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
POC for CVE-2025-48384
CVE-2025-48384HIGHbajo ataque21 jun 2026
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
GitHub PoC
POC for CVE-2025-29384
CVE-2025-29384CRITICAL21 jun 2026
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
48RIESGO
abrir
GitHub PoC
Public disclosure for CVE-2026-43655 AppleM2ScalerCSCDriver use-after-free
CVE-2026-43655HIGH21 jun 2026
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macO
41RIESGO
abrir
GitHub PoC
Hunt-Benito/ash-authentication-oauth2-oidc-account-takeover-cve-2026-49757-email-based-user-matching
CVE-2026-49757CRITICAL21 jun 2026
OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
48RIESGO
abrir
GitHub PoC
xxconi/CVE-2026-49777-CVE-2026-10735
CVE-2026-49777CRITICAL21 jun 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware21 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
ubaydev/CVE-2026-11551-PoC
CVE-2026-11551CRITICAL21 jun 2026
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-49777CRITICAL21 jun 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2026-32202MEDIUMbajo ataque21 jun 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
GitHub PoC
adriannurrr/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALbajo ataqueransomware21 jun 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-21858CRITICAL21 jun 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-68613CRITICALbajo ataque21 jun 2026
n8n Vulnerable to Remote Code Execution via Expression Injection
100RIESGO
abrir
GitHub PoC1
Nuclei template for CVE-2026-11561 — Apinizer SSTI / RCE version detection
CVE-2026-11561CRITICAL21 jun 2026
SSTI in Soagen Informatics' Apinizer
48RIESGO
abrir
GitHub PoC
Version: Download Manager 3.3.5.2 Title: Missing Authorization - Unauthenticated IDOR Exploit
CVE-2026-39676MEDIUM21 jun 2026
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability
33RIESGO
abrir
GitHub PoC
alexlanum/CVE-2026-32202
CVE-2026-32202MEDIUMbajo ataque21 jun 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
anteriorpágina 18 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.