Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.113 exploits
VulnCheck XDB
initial-access
CVE-2026-23550CRITICAL11 jun 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-6440CRITICAL11 jun 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
VulnCheck XDB
local
CVE-2023-21768HIGH11 jun 2026
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir
GitHub PoC
Lab + writeup for CVE-2026-44166: PocketBase OAuth2 account pre-hijacking via unvalidated createData.email
CVE-2026-44166MEDIUM11 jun 2026
Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
33RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-7458
CVE-2026-7458CRITICAL11 jun 2026
User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint
48RIESGO
abrir
GitHub PoC1
CVE-2026-11645
CVE-2026-11645HIGHbajo ataque11 jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC1
Lab + writeup for CVE-2026-28699: Gitea OAuth2 scope enforcement bypass via HTTP Basic auth
CVE-2026-28699HIGH11 jun 2026
Gitea Basic Auth bypasses OAuth2 access token scopes
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC
CVE-2026-40791: Unauthenticated stored XSS in WP Time Slots Booking Form <= 1.2.46
CVE-2026-40791HIGH11 jun 2026
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-45034
CVE-2026-45034CRITICAL11 jun 2026
PhpSpreadsheet: File::prohibitWrappers bypass
48RIESGO
abrir
GitHub PoC
xxconi/CVE-2025-6254
CVE-2025-6254CRITICAL11 jun 2026
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RIESGO
abrir
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC
CVE-2026-23479 Redis Use-After-Free vulnerability detection tool
CVE-2026-23479HIGH11 jun 2026
redis-server use-after-free in unblock client flow may allow remote code execution
41RIESGO
abrir
GitHub PoC15
PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
CVE-2026-48907CRITICALbajo ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-10795 – UpdraftPlus Authentication Bypass
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC5
CVE-2026-25089 - Fortinet FortiSandbox
CVE-2026-25089CRITICALbajo ataque10 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
83RIESGO
abrir
GitHub PoC2
CVE-2026-10520 - Ivanti Sentry Pre-Auth OS Command Injection Mass Scanner
CVE-2026-10520CRITICAL10 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC
Saku0512/CVE-2026-48732-poc
CVE-2026-48732HIGH10 jun 2026
Warp: Remote SSH cwd can lead to unauthorized remote command execution
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL10 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC
FreeBSD LPE
CVE-2026-49413HIGH10 jun 2026
Flaw in Linuxulator execution of setugid binaries
41RIESGO
abrir
GitHub PoC
WORDPRESS
CVE-2026-5718HIGH10 jun 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
GitHub PoC
CVE-2026-42945 Nginx Rift
CVE-2026-42945CRITICAL10 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE-2026-48962 - IO::Compress - Code Execution
CVE-2026-48962HIGH10 jun 2026
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
41RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-28318HIGHbajo ataque10 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir
GitHub PoC5
watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
CVE-2026-50751CRITICALbajo ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC1
Vulnerability: Logic flow weakness in Remote Access and Mobile Access
CVE-2026-50751CRITICALbajo ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
anteriorpágina 28 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.