Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.
CVE-2026-20230HIGH12 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RIESGO
abrir
GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE-2026-8809CRITICAL12 jun 2026
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RIESGO
abrir
GitHub PoC2
CVE-2026-25089
CVE-2026-25089CRITICALbajo ataque12 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
83RIESGO
abrir
GitHub PoC4
CVE-2026-35273
CVE-2026-35273CRITICALbajo ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir
GitHub PoC3
Toolkit for CVE-2025-55182, also known as React2Shell.
CVE-2025-55182CRITICALbajo ataqueransomware12 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware12 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
CVE-2026-35273
CVE-2026-35273CRITICALbajo ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
CVE-2026-46645MEDIUM12 jun 2026
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RIESGO
abrir
GitHub PoC3
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque12 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
CVE-2026-28318HIGHbajo ataque12 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir
GitHub PoC9
An offensive security researcher + an AI vs. a fresh n-day: building the first public PoC for CVE-2026-53435 in one Friday night. Raw 8h20m log inside.
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RIESGO
abrir
GitHub PoC
Chains CVE-2025-57819 (stacked query SQL injection) and CVE-2025-61678 (authenticated file upload in FreePBX Endpoint Manager) to achieve Remote Code Execution (RCE). For educational use only.
CVE-2025-57819CRITICALbajo ataque12 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.
CVE-2025-32433CRITICALbajo ataque12 jun 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
GitHub PoC
kaleth4/CVE-2021-4045
CVE-2021-4045CRITICAL11 jun 2026
TP-LINK Tapo C200 remote code execution vulnerability
70RIESGO
abrir
GitHub PoC1
PoC didático em Python 3 para a CVE-2019-9053, uma SQL Injection time-based blind no CMS Made Simple <= 2.2.9. Esta versão foi adaptada para uso em CTF/laboratório, com prefixos pré-configurados para reduzir o tempo de extração e mensagens explicativas em português.
CVE-2019-905311 jun 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2025-6440
CVE-2025-6440CRITICAL11 jun 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
GitHub PoC
FangFang-Yi/CVE-2024-30088
CVE-2024-30088HIGHbajo ataqueransomware11 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
83RIESGO
abrir
GitHub PoC
CVE-2026-10795 – UpdraftPlus Authentication Bypass
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-7458
CVE-2026-7458CRITICAL11 jun 2026
User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint
48RIESGO
abrir
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2025-43529HIGHbajo ataque11 jun 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RIESGO
abrir
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
VulnCheck XDB
local
CVE-2023-21768HIGH11 jun 2026
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir
GitHub PoC
Lab + writeup for CVE-2026-44166: PocketBase OAuth2 account pre-hijacking via unvalidated createData.email
CVE-2026-44166MEDIUM11 jun 2026
Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
33RIESGO
abrir
GitHub PoC
CVE-2026-40791: Unauthenticated stored XSS in WP Time Slots Booking Form <= 1.2.46
CVE-2026-40791HIGH11 jun 2026
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-6440CRITICAL11 jun 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
GitHub PoC15
PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
CVE-2026-48907CRITICALbajo ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-5027 - Draft
CVE-2026-5027HIGH11 jun 2026
Langflow - Path Traversal Arbitrary File Write via upload_user_file
68RIESGO
abrir
GitHub PoC1
CVE-2026-11645
CVE-2026-11645HIGHbajo ataque11 jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RIESGO
abrir
GitHub PoC1
Lab + writeup for CVE-2026-28699: Gitea OAuth2 scope enforcement bypass via HTTP Basic auth
CVE-2026-28699HIGH11 jun 2026
Gitea Basic Auth bypasses OAuth2 access token scopes
41RIESGO
abrir
anteriorpágina 26 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.