Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.062 exploits
GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RIESGO
abrir ↗GitHub PoC★ 1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir ↗GitHub PoC★ 1
Unauthenticated Local File Inclusion
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir ↗GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir ↗GitHub PoC
akpmarcelin/CVE-2026-24061-lab
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
d4ngkh04w/CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RIESGO
abrir ↗GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir ↗GitHub PoC
Exploitation and mitigation analysis of CVE-2021-3156 heap-based buffer overflow in sudo
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir ↗GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir ↗GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RIESGO
abrir ↗GitHub PoC
CVE-2026-45777 PoC
Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
28RIESGO
abrir ↗GitHub PoC
CVE-2026-5411 WP Captcha PRO
WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
41RIESGO
abrir ↗GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RIESGO
abrir ↗VulnCheck XDB
client-side
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RIESGO
abrir ↗GitHub PoC
This project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackMe lab, which demonstrates a Linux kernel page-cache corruption vulnerability capable of achieving local priviledge escalation through modification of cached file pages without altering files on disk.
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗GitHub PoC
CVE-2026-7654 Admin Columns PHP Object Injection RCE Exploit
Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
41RIESGO
abrir ↗GitHub PoC
CVE-2026-5415 WP Captcha PRO Authenticated Authentication Bypass Exploit
WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
41RIESGO
abrir ↗GitHub PoC
The project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackME lab, which demonstrates a Linux kernel page -cache corruption vulnerability capable of achieving local privilege escalation through modification of cached file pages without altering files on disk.
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗GitHub PoC
CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC★ 132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir ↗GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RIESGO
abrir ↗GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RIESGO
abrir ↗VulnCheck XDB
local
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir ↗GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.