Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.063exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
CVE-2026-10795HIGH15 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC2
DylanZahedi/CVE-2026-9277
CVE-2026-9277CRITICAL15 jun 2026
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RIESGO
abrir
GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
CVE-2021-41773HIGHbajo ataqueransomware14 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHbajo ataqueransomware14 jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
GitHub PoC
kaleth4/CVE-2022-30190
CVE-2022-30190HIGHbajo ataqueransomware14 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALbajo ataque14 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 jun 2026
Unbounded resend loop in BIND 9 resolver
33RIESGO
abrir
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALbajo ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir
GitHub PoC
CVE-2025-14847 mongobleed python file
CVE-2025-14847HIGHbajo ataque14 jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RIESGO
abrir
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
CVE-2024-3094CRITICAL14 jun 2026
Xz: malicious code in distributed source
70RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-0144HIGHbajo ataqueransomware14 jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2025-14847HIGHbajo ataque14 jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RIESGO
abrir
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHbajo ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2021-41773HIGHbajo ataqueransomware14 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RIESGO
abrir
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
AISec Plus Week 1 threat write-up — EchoLeak (CVE-2025-32711), zero-click indirect prompt injection in Microsoft 365 Copilot.
CVE-2025-32711CRITICAL13 jun 2026
M365 Copilot Information Disclosure Vulnerability
48RIESGO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CyruxSec/CVE-2026-4524
CVE-2026-4524MEDIUM13 jun 2026
Authentication Bypass Using an Alternate Path or Channel in GitLab
33RIESGO
abrir
GitHub PoC
Remote Code Execution in DbGate via functionName injection in the loadReader endpoint — CVSS 8.8
CVE-2026-48017HIGH13 jun 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
41RIESGO
abrir
GitHub PoC
webshellseo8/CVE-2026-1555-POC
CVE-2026-1555CRITICAL13 jun 2026
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
48RIESGO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHbajo ataque13 jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
anteriorpágina 24 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.