Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.086 exploits
GitHub PoC
This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir ↗GitHub PoC★ 9
An offensive security researcher + an AI vs. a fresh n-day: building the first public PoC for CVE-2026-53435 in one Friday night. Raw 8h20m log inside.
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RIESGO
abrir ↗GitHub PoC
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir ↗GitHub PoC
CVE-2026-0273 - Draft
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
33RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RIESGO
abrir ↗GitHub PoC★ 2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir ↗GitHub PoC★ 13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir ↗GitHub PoC★ 4
CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir ↗GitHub PoC
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RIESGO
abrir ↗GitHub PoC
Chains CVE-2025-57819 (stacked query SQL injection) and CVE-2025-61678 (authenticated file upload in FreePBX Endpoint Manager) to achieve Remote Code Execution (RCE). For educational use only.
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RIESGO
abrir ↗GitHub PoC★ 3
Toolkit for CVE-2025-55182, also known as React2Shell.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2026-50507 - Draft
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC
Escáner pasivo de seguridad para CVE-2025-55182 que identifica indicadores públicos asociados a Next.js y React Server Components. Realiza validaciones seguras, analiza cabeceras y rutas, y proporciona una evaluación de exposición basada en evidencias sin explotación.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
This repository contains a lab validation report and detection artefacts for DirtyFrag CVE-2026-43284, a Linux local privilege escalation issue related to the XFRM/ESP page-cache write path. The focus is on auditd telemetry, event correlation, and SOC-oriented detection logic.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
CVE-2017-9841 is a Remote Code Execution (RCE) vulnerability in the PHPUnit library affecting versions prior to 5.6.3 and 6.x prior to 6.4.2.
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir ↗GitHub PoC
CVE-2026-40791: Unauthenticated stored XSS in WP Time Slots Booking Form <= 1.2.46
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir ↗GitHub PoC
From deobfuscating code.js to root, CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RIESGO
abrir ↗GitHub PoC★ 4
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC
xxconi/CVE-2025-6254
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RIESGO
abrir ↗GitHub PoC
CVE-2026-10520 and CVE-2026-10523
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC
Lab + writeup for CVE-2026-44166: PocketBase OAuth2 account pre-hijacking via unvalidated createData.email
Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
33RIESGO
abrir ↗GitHub PoC
byte16384/CVE-2026-49492-PoC
Markdown Preview Enhanced OS Command Injection in External File and Link Opening
41RIESGO
abrir ↗GitHub PoC
Cyber-DarkNay/CVE-2025-6440
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir ↗GitHub PoC
FangFang-Yi/CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
83RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.