Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
CVE-2026-40564MEDIUM29 may 2026
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2017-12635_36
CVE-2017-1263529 may 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RIESGO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 may 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RIESGO
abrir
GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
CVE-2026-44596MEDIUM29 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
30RIESGO
abrir
GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
CVE-2026-44595MEDIUM29 may 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
30RIESGO
abrir
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware29 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
Full walkthrough of HTB's Reactor machine — exploit CVE-2025-55182 to gain a shell, then get root via an exposed Node.js debugger. Step-by-step with screenshots.
CVE-2025-55182CRITICALbajo ataqueransomware28 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
A Marp slide deck about CVE-2025-53770
CVE-2025-53770CRITICALbajo ataqueransomware28 may 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALbajo ataque28 may 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 may 2026
NGINX ngx_http_ssl_module vulnerability
33RIESGO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE-2026-8380
CVE-2026-8380MEDIUM28 may 2026
Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
33RIESGO
abrir
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWbajo ataque28 may 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RIESGO
abrir
GitHub PoC
This script safely checks the local version of the LiteSpeed cPanel plugin to determine if the system is running a version vulnerable to CVE-2026-48172. It does not send exploits or interact with network endpoints maliciously.
CVE-2026-48172CRITICALbajo ataque28 may 2026
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RIESGO
abrir
GitHub PoC2
3nou9h/CVE-2026-9256-Poc
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 may 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC
Isolated AD/Linux attack lab: exploited CVE-2007-2447 via Metasploit, detected with Wazuh SIEM mapped to MITRE ATT&CK (T1190, T1059)
CVE-2007-244728 may 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
GitHub PoC6
Gogs RCE via argument injection in git rebase (CWE-88) — Python PoC. CVE-2026-52806
CVE-2026-52806CRITICAL28 may 2026
Gogs: RCE via git rebase --exec argument injection in pull request merge
48RIESGO
abrir
GitHub PoC
aarch64 and x64 python POC
CVE-2026-31431HIGHbajo ataque28 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
A x86_64 ASM implementation of PinTheft (CVE-2026-43494)
CVE-2026-43494HIGH28 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
GitHub PoC
krishnadevpmelevila/CVE-2026-39292
CVE-2026-39292HIGH28 may 2026
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder
41RIESGO
abrir
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 may 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
CVE-2026-49009LOW28 may 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir
GitHub PoC
Black-box web application penetration test of BadStore e-commerce platform. Covers SQL injection, CVE-2006-3918, HTTP request manipulation, OSINT-driven spear phishing, and MITRE ATT&CK-mapped findings.
CVE-2006-391828 may 2026
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before
45RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 may 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RIESGO
abrir
GitHub PoC6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
CVE-2026-48770MEDIUM28 may 2026
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RIESGO
abrir
GitHub PoC
EXPLOIT CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC2
⚠️ DISCLAIMER: This tool is intended for authorized penetration testing and educational purposes only. Using this tool against systems without explicit written permission is illegal. The developers are not responsible for any misuse or damage caused.
CVE-2026-41940CRITICALbajo ataqueransomware27 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.