Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
CVE-2026-3359HIGH18 jun 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RIESGO
abrir
GitHub PoC1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
CVE-2021-27876HIGHbajo ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir
GitHub PoC1
Unauthenticated Local File Inclusion
CVE-2026-7515CRITICAL18 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RIESGO
abrir
GitHub PoC2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
CVE-2025-57819CRITICALbajo ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
akpmarcelin/CVE-2026-24061-lab
CVE-2026-24061CRITICALbajo ataque17 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALbajo ataqueransomware17 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
d4ngkh04w/CVE-2020-7961
CVE-2020-7961CRITICALbajo ataque17 jun 2026
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RIESGO
abrir
GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
CVE-2026-8206CRITICAL17 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
GitHub PoC
Exploitation and mitigation analysis of CVE-2021-3156 heap-based buffer overflow in sudo
CVE-2021-3156HIGHbajo ataque17 jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
CVE-2024-42009CRITICALbajo ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir
GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
CVE-2026-49079CRITICAL17 jun 2026
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-45777 PoC
CVE-2026-45777CRITICAL17 jun 2026
Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
28RIESGO
abrir
GitHub PoC
CVE-2026-5411 WP Captcha PRO
CVE-2026-5411HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
41RIESGO
abrir
GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
CVE-2026-42758CRITICAL17 jun 2026
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RIESGO
abrir
VulnCheck XDB
client-side
CVE-2024-42009CRITICALbajo ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-7465HIGH17 jun 2026
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RIESGO
abrir
GitHub PoC
This project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackMe lab, which demonstrates a Linux kernel page-cache corruption vulnerability capable of achieving local priviledge escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE-2026-7654 Admin Columns PHP Object Injection RCE Exploit
CVE-2026-7654HIGH17 jun 2026
Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
41RIESGO
abrir
GitHub PoC
CVE-2026-5415 WP Captcha PRO Authenticated Authentication Bypass Exploit
CVE-2026-5415HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
41RIESGO
abrir
GitHub PoC
The project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackME lab, which demonstrates a Linux kernel page -cache corruption vulnerability capable of achieving local privilege escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
CVE-2026-46331HIGH17 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
CVE-2026-9691CRITICAL17 jun 2026
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
CVE-2026-39808CRITICALbajo ataque17 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RIESGO
abrir
VulnCheck XDB
local
CVE-2021-3156HIGHbajo ataque17 jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
CVE-2026-7459HIGH17 jun 2026
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
anteriorpágina 21 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.