Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
CVE-2026-8206CRITICAL02 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
GitHub PoC
Dhananjayasj/CVE-2026-34156-NocoBase-Sandbox-Escape-via-Workflow-Execution-Vulnerability-
CVE-2026-34156CRITICAL02 jun 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RIESGO
abrir
GitHub PoC
Mender Server - Authenticated Path Traversal to RCE
CVE-2026-49009LOW02 jun 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir
GitHub PoC
CVE-2026-31525 - Draft
CVE-2026-31525HIGH02 jun 2026
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RIESGO
abrir
GitHub PoC
"A professional walkthrough of HTB: Shocker. Demonstrates remote directory fuzzing to discover CGI scripts, manual exploitation of the Shellshock vulnerability (CVE-2014-6271), and privilege escalation via misconfigured Sudo Perl permissions using GTFOBins vectors."
CVE-2014-6271CRITICALbajo ataque02 jun 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC6
CVE-2026-41089
CVE-2026-41089CRITICAL02 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2023-21839HIGHbajo ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RIESGO
abrir
GitHub PoC2
Script para comprobar si la vulnerabilidad de Linux CIFSwitch (CVE-2026-46243) nos afecta. Detecta configuraciones potencialmente vulnerables y mitigaciones sin ejecutar exploits.
CVE-2026-46243HIGH02 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RIESGO
abrir
GitHub PoC
Ez4rd1x1/CVE-2026-8181
CVE-2026-8181CRITICAL02 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC
jenniferreire26/CVE-2026-39987
CVE-2026-39987CRITICALbajo ataque02 jun 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2024-21182HIGHbajo ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RIESGO
abrir
GitHub PoC1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-23744 Proof-of-concept.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
CVE-2026-45332HIGH02 jun 2026
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RIESGO
abrir
GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
entr0pie/demo-cve-2022-22947
CVE-2022-22947CRITICALbajo ataque02 jun 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir
GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
CVE-2026-46300HIGH02 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
CVE-2011-252302 jun 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
Okymi-X/CVE-2021-43798
CVE-2021-43798HIGHbajo ataque02 jun 2026
Grafana path traversal
100RIESGO
abrir
GitHub PoC
tematemaru/CVE-2026-31431-simple-test
CVE-2026-31431HIGHbajo ataque01 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
A Go implementation of CIFSwitch (CVE-2026-46243)
CVE-2026-46243HIGH01 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RIESGO
abrir
GitHub PoC
Automated defect verification tool for 6 dnsmasq CVEs (CVE-2026-2291, 4890, 4891, 4892, 4893, 5172)
CVE-2026-2291HIGH01 jun 2026
CVE-2026-2291
41RIESGO
abrir
GitHub PoC
SSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH01 jun 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
CVE-2026-0257HIGHbajo ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
CVE-2026-0257HIGHbajo ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
Strapi CVE-2026-27886. Leaking sensitive data via relational filtering due to lack of query sanitization
CVE-2026-27886CRITICAL01 jun 2026
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
48RIESGO
abrir
GitHub PoC
CVE analysis of CVE-2025-40536, SolarWinds Web Help Desk security control bypass (CVSS 8.1). Covers vulnerability mechanics, attack chain with companion RCE CVEs, Storm-2603 threat actor attribution, MITRE ATT&CK mapping, and detection/remediation guidance for DoD and government environments.
CVE-2025-40536HIGHbajo ataque01 jun 2026
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RIESGO
abrir
GitHub PoC
afifudinmtop/MCPJam-Inspector-1.4.2-Remote-Code-Execution-CVE-2026-23744
CVE-2026-23744CRITICAL01 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
lucastran05/CVE-2026-29000
CVE-2026-29000CRITICAL01 jun 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir
GitHub PoC
CVE-2026-9560 - Draft
CVE-2026-9560CRITICAL01 jun 2026
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.