Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.062 exploits
GitHub PoC
CVE-2026-39813 - Fortinet Sandbox - Draft
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.
53RIESGO
abrir ↗GitHub PoC★ 2
Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RIESGO
abrir ↗VulnCheck XDB
local
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RIESGO
abrir ↗GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RIESGO
abrir ↗GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-20262 - Cisco Catalyst SD-WAN Manager Arbitrary File Write Path Traversal Vulnerability (CWE-22) - Authenticated Remote File Write
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RIESGO
abrir ↗GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RIESGO
abrir ↗VulnCheck XDB
client-side
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir ↗VulnCheck XDB
initial-access
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RIESGO
abrir ↗GitHub PoC★ 132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir ↗GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RIESGO
abrir ↗GitHub PoC
d4ngkh04w/CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RIESGO
abrir ↗GitHub PoC
CVE‑2024‑20399 - Draft
Cisco NX-OS Software CLI Command Injection Vulnerability
63RIESGO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
PoC for CVE-2015-10141 – Xdebug unauthenticated RCE
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RIESGO
abrir ↗GitHub PoC
akpmarcelin/CVE-2026-24061-lab
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir ↗GitHub PoC
Exploitation and mitigation analysis of CVE-2021-3156 heap-based buffer overflow in sudo
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir ↗GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir ↗GitHub PoC★ 1
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2025-30208 exploit script
Vite bypasses server.fs.deny when using `?raw??`
70RIESGO
abrir ↗GitHub PoC★ 1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
CVE-2025-49844 exploit script
Redis Lua Use-After-Free may lead to remote code execution
85RIESGO
abrir ↗GitHub PoC★ 8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RIESGO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗VulnCheck XDB
info-leak
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir ↗GitHub PoC★ 62
CVE-2026-41940 exploitation proof-of-concept project
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.