Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
CVE-2026-8732 - Draft (WordPress)
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
GitHub PoC
SSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH01 jun 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC2
A Go implementation of CIFSwitch (CVE-2026-46243)
CVE-2026-46243HIGH01 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RIESGO
abrir
GitHub PoC
ICT279 Vulnerability Detection and Mitigation Project using CVE-2025-24813 in an Internet Banking Environment
CVE-2025-24813CRITICALbajo ataque01 jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
GitHub PoC208
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
CVE-2026-41089CRITICAL01 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC2
DeepSecurityResearch/CVE-2026-2586
CVE-2026-2586CRITICAL01 jun 2026
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user
48RIESGO
abrir
GitHub PoC1
CVE-2026-45585
CVE-2026-45585MEDIUM31 may 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
CVE-2025-55182CRITICALbajo ataqueransomware31 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48800-PoC
CVE-2026-48800HIGH31 may 2026
Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
41RIESGO
abrir
GitHub PoC
CVE-2024-38475 exploitation & scanning tool with Mullvad VPN rotation
CVE-2024-38475CRITICALbajo ataque31 may 2026
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RIESGO
abrir
GitHub PoC1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
Jeanback1/CVE-2019-0211-exploit
CVE-2019-0211HIGHbajo ataque31 may 2026
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RIESGO
abrir
GitHub PoC
CVE-2026-23744 PoC
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
CVE-2023-6553CRITICAL31 may 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
b1nhack/CVE-2024-1086
CVE-2024-1086HIGHbajo ataqueransomware31 may 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
GitHub PoC2
CVE-2026-23744 RCE + Privilege Escalation
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2014-3120
CVE-2014-3120HIGHbajo ataque31 may 2026
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RIESGO
abrir
GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
CVE-2026-8836CRITICAL31 may 2026
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RIESGO
abrir
GitHub PoC
Jeanback1/CVE-2019-9053-exploit
CVE-2019-905331 may 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
GitHub PoC7
Notepad++ RCE via config.xml commandLineInterpreter
CVE-2026-48778HIGH30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALbajo ataqueransomware30 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
CVE-2024-3400CRITICALbajo ataqueransomware30 may 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2018-7600
CVE-2018-7600CRITICALbajo ataqueransomware30 may 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHbajo ataque30 may 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir
GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
CVE-2010-233330 may 2026
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RIESGO
abrir
GitHub PoC
Python POC, Exploit for CVE-2026-29000
CVE-2026-29000CRITICAL30 may 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 may 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RIESGO
abrir
GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
CVE-2025-5947CRITICAL30 may 2026
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.