Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.063exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.062 exploits
GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir ↗GitHub PoC★ 2
DylanZahedi/CVE-2026-9277
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RIESGO
abrir ↗GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2017-0144
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗GitHub PoC
kaleth4/CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
CVE-2026-20253 - Splunk Enterprise
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir ↗GitHub PoC★ 1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
Unbounded resend loop in BIND 9 resolver
33RIESGO
abrir ↗GitHub PoC
CVE-2026-20127
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir ↗GitHub PoC
CVE-2025-14847 mongobleed python file
Zlib compressed protocol header length confusion may allow memory read
100RIESGO
abrir ↗GitHub PoC
rohit-sundar/cve-2026-23744
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC★ 1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
Xz: malicious code in distributed source
70RIESGO
abrir ↗GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗VulnCheck XDB
initial-access
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗VulnCheck XDB
info-leak
Zlib compressed protocol header length confusion may allow memory read
100RIESGO
abrir ↗GitHub PoC★ 4
CVE-2026-20245
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RIESGO
abrir ↗VulnCheck XDB
info-leak
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir ↗GitHub PoC
webshellseo8/CVE-2026-53787-POC-
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RIESGO
abrir ↗GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir ↗GitHub PoC
J1nKsC/CVE-2024-4367_test
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
AISec Plus Week 1 threat write-up — EchoLeak (CVE-2025-32711), zero-click indirect prompt injection in Microsoft 365 Copilot.
M365 Copilot Information Disclosure Vulnerability
48RIESGO
abrir ↗GitHub PoC★ 2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir ↗GitHub PoC
87achrafg-stack/CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
CyruxSec/CVE-2026-4524
Authentication Bypass Using an Alternate Path or Channel in GitLab
33RIESGO
abrir ↗GitHub PoC
Remote Code Execution in DbGate via functionName injection in the loadReader endpoint — CVSS 8.8
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
41RIESGO
abrir ↗GitHub PoC
webshellseo8/CVE-2026-1555-POC
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
48RIESGO
abrir ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.