Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.113 exploits
VulnCheck XDB
initial-access
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗VulnCheck XDB
initial-access
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir ↗VulnCheck XDB
local
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir ↗GitHub PoC
Lab + writeup for CVE-2026-44166: PocketBase OAuth2 account pre-hijacking via unvalidated createData.email
Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
33RIESGO
abrir ↗GitHub PoC
Cyber-DarkNay/CVE-2026-7458
User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RIESGO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC★ 1
Lab + writeup for CVE-2026-28699: Gitea OAuth2 scope enforcement bypass via HTTP Basic auth
Gitea Basic Auth bypasses OAuth2 access token scopes
41RIESGO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC
CVE-2026-40791: Unauthenticated stored XSS in WP Time Slots Booking Form <= 1.2.46
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir ↗GitHub PoC
xxconi/CVE-2025-6254
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RIESGO
abrir ↗GitHub PoC
CVE-2026-50507 - Draft
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗VulnCheck XDB
initial-access
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir ↗GitHub PoC
CVE-2026-23479 Redis Use-After-Free vulnerability detection tool
redis-server use-after-free in unblock client flow may allow remote code execution
41RIESGO
abrir ↗GitHub PoC★ 15
PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
CVE-2026-10795 – UpdraftPlus Authentication Bypass
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir ↗GitHub PoC★ 5
CVE-2026-25089 - Fortinet FortiSandbox
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
83RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-10520 - Ivanti Sentry Pre-Auth OS Command Injection Mass Scanner
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC
Saku0512/CVE-2026-48732-poc
Warp: Remote SSH cwd can lead to unauthorized remote command execution
41RIESGO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC
WORDPRESS
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir ↗GitHub PoC
CVE-2026-48962 - IO::Compress - Code Execution
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
41RIESGO
abrir ↗VulnCheck XDB
denial-of-service
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir ↗GitHub PoC★ 5
watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir ↗GitHub PoC★ 1
Vulnerability: Logic flow weakness in Remote Access and Mobile Access
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.