Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC
Python tool for analyzing CVE-2018-16763 in FUEL CMS with cleaner response parsing and interactive vulnerability checking.
CVE-2018-1676308 jun 2026
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RIESGO
abrir
GitHub PoC2
FreePBX Pre-Auth SQLi to RCE (CVE-2025-57819) — All-in-One Exploit
CVE-2025-57819CRITICALbajo ataque07 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
Unauthenticated SQL injection in FreePBX Endpoint Manager (CVE-2025-57819) that injects a cron-scheduled PHP webshell for remote code execution.
CVE-2025-57819CRITICALbajo ataque07 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
CVE-2026-4480
CVE-2026-4480CRITICAL07 jun 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RIESGO
abrir
GitHub PoC1
Exploit CVE-2026-4480
CVE-2026-4480CRITICAL07 jun 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RIESGO
abrir
GitHub PoC
Drupal Core PostgreSQL SQLi to RCE via /user/login (CVE-2026-9082 / SA-CORE-2026-004)
CVE-2026-9082CRITICALbajo ataque07 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
m0nk3ygod/CVE-2026-34040-PoC
CVE-2026-34040HIGH07 jun 2026
Moby: AuthZ plugin bypass with oversized request body
41RIESGO
abrir
GitHub PoC
TechWithOrgito/CVE-2025-55182-Researching-process
CVE-2025-55182CRITICALbajo ataqueransomware06 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Dhananjayasj/CVE-2026-3844-Breeze-Cache-WordPress-Plugin-Remote-Code-Execution
CVE-2026-3844CRITICAL06 jun 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC
CVE-2023-46604-RCE exploit with Linux reverse shell payload
CVE-2023-46604CRITICALbajo ataqueransomware06 jun 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC1
horrister/moveit-transfer-cve-2023-34362
CVE-2023-34362CRITICALbajo ataqueransomware06 jun 2026
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir
GitHub PoC
Apache ActiveMQ RCE via Jolokia vulnerability analysis and reproduction notes
CVE-2026-34197HIGHbajo ataque06 jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
GitHub PoC3
🚀 CVE-2026-24061 - GNU inetutils-telnetd Auth Bypass Exploit - Full Control 💥 CRLF injection via NEW_ENVIRON leads to auth bypass & instant root shell. ✅ Single/Mass exploitation, multi-threading, custom port/user, pipe mode, session keep-alive, colored output, retries, timeout support. ⚡ Python & Bash versions. Critical CVSS 9.8.
CVE-2026-24061CRITICALbajo ataque06 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
GitHub PoC
CVE-2026-23744 Reverse shell
CVE-2026-23744CRITICAL06 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
Redacted cPanel/WHM authentication bypass analysis and authorized checker
CVE-2026-41940CRITICALbajo ataqueransomware06 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library.
CVE-2023-44487HIGHbajo ataque06 jun 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RIESGO
abrir
GitHub PoC1
Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover
CVE-2026-10580CRITICAL06 jun 2026
Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API
63RIESGO
abrir
GitHub PoC3
CVE-2026-42588 - Apache ActiveMQ Jolokia 远程代码执行漏洞利用 (RCE Exploit)
CVE-2026-42588HIGH06 jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RIESGO
abrir
GitHub PoC
Hunt-Benito/mediatek-wlan-heap-overflow-cve-2026-20452-filogic-router-rce
CVE-2026-20452HIGH06 jun 2026
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proxi
41RIESGO
abrir
GitHub PoC
Proof-of-concept exploit for CVE-2026-24849, an authenticated path-traversal / arbitrary file read in OpenEMR's Fax/SMS (EtherFax) module. Any authenticated user regardless of privilege level can read arbitrary files from the server filesystem as the web-server user (database credentials, patient documents/PHI, /etc/passwd, …
CVE-2026-24849CRITICAL06 jun 2026
OpenEMR Arbitrary File Read Vulnerability
48RIESGO
abrir
GitHub PoC7
CVE-2025-57819 -> rce
CVE-2025-57819CRITICALbajo ataque06 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC8
0xEhab/FreePBX-CVE-2025-57819-RCE
CVE-2025-57819CRITICALbajo ataque06 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
t1ckprivate/CVE-2022-0847-Dirty-Pipe
CVE-2022-0847HIGHbajo ataque06 jun 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir
GitHub PoC
CVE-2026-20245 - Cisco SD-WAN - Draft
CVE-2026-20245HIGHbajo ataque06 jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RIESGO
abrir
GitHub PoC
Controlled NGINX HTTP/2 frame injection lab for CVE-2026-42926 patch validation and defensive research
CVE-2026-42926MEDIUM06 jun 2026
NGINX ngx_http_proxy_v2_module vulnerability
33RIESGO
abrir
GitHub PoC
yurahshell/CVE-2026-41940
CVE-2026-41940CRITICALbajo ataqueransomware05 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC64
Safely detect whether a UniFi OS Server is vulnerable to CVE-2026-34908
CVE-2026-34908CRITICALbajo ataque05 jun 2026
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de
78RIESGO
abrir
GitHub PoC
ARMember Premium <= 7.3.1 Full Admin Account Takeover
CVE-2026-5076CRITICAL05 jun 2026
ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
48RIESGO
abrir
GitHub PoC1
CVE-2026-20230 - Cisco Unified CM
CVE-2026-20230HIGH05 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RIESGO
abrir
GitHub PoC
Technical writeup and penetration testing report for CVE-2010-2075, demonstrating UnrealIRCd backdoor exploitation and remediation.
CVE-2010-207505 jun 2026
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.