Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
Lab 3: Supervisord XML-RPC Remote Code Execution (CVE-2017-11610) - Writeup and Exploit
CVE-2017-1161027 may 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RIESGO
abrir
GitHub PoC
mein-0/cve-2026-0828
CVE-2026-0828HIGH27 may 2026
Kernel driver vulnerability in Safetica Endpoint Client
41RIESGO
abrir
GitHub PoC
SOC336 - Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025-21298) Walkthrough
CVE-2025-21298CRITICAL27 may 2026
Windows OLE Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC
SSRF Discovered in Mercator
CVE-2026-49345MEDIUM27 may 2026
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RIESGO
abrir
GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
CVE-2026-49344HIGH27 may 2026
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RIESGO
abrir
GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172HIGH27 may 2026
CVE-2026-5172
41RIESGO
abrir
GitHub PoC3
Ghost Content API SQL Injection
CVE-2026-26980CRITICAL27 may 2026
Ghost has a SQL Injection in its Content API
75RIESGO
abrir
GitHub PoC1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
CVE-2026-48710MEDIUM27 may 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893MEDIUM27 may 2026
CVE-2026-4893
33RIESGO
abrir
GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
CVE-2026-9082CRITICALbajo ataque27 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
thinhap/CVE-2026-9082-PoC
CVE-2026-9082CRITICALbajo ataque27 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
0x00phantom-hat/Hoverfly-1.11.3-RCE-CVE-2025-54123-Exploit
CVE-2025-54123CRITICAL27 may 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC
this is a study about CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
CVE-2021-3156HIGHbajo ataque27 may 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
GitHub PoC
lwd3c/CVE-2026-47342
CVE-2026-47342HIGH27 may 2026
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RIESGO
abrir
GitHub PoC2
⚠️ DISCLAIMER: This tool is intended for authorized penetration testing and educational purposes only. Using this tool against systems without explicit written permission is illegal. The developers are not responsible for any misuse or damage caused.
CVE-2026-41940CRITICALbajo ataqueransomware27 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
CVE-2026-45659
CVE-2026-45659HIGHbajo ataque27 may 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir
GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
CVE-2026-45659HIGHbajo ataque27 may 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir
GitHub PoC18
CVE-2026-27771 - Gitea/Forgejo Container Registry Auth Bypass Exploit PoC - Pull private container images without authentication
CVE-2026-27771HIGH27 may 2026
Gitea Composer package source links use insufficient permission checks
68RIESGO
abrir
GitHub PoC
CVE-2026-27771 - Draft
CVE-2026-27771HIGH27 may 2026
Gitea Composer package source links use insufficient permission checks
68RIESGO
abrir
GitHub PoC
Description
CVE-2022-22965CRITICALbajo ataque27 may 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
GitHub PoC
Spring4Shell (CVE-2022-22965) 漏洞環境搭建與 CTF 題目
CVE-2022-22965CRITICALbajo ataque27 may 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2017-10271
CVE-2017-10271HIGHbajo ataqueransomware27 may 2026
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RIESGO
abrir
GitHub PoC
PrintNightmare Report
CVE-2021-34527HIGHbajo ataqueransomware27 may 2026
Windows Print Spooler Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition
CVE-2021-3560HIGHbajo ataque27 may 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RIESGO
abrir
GitHub PoC
Educational lab demonstrating CVE-2025-55182: Critical RCE in React Server Components via prototype pollution in the Flight protocol
CVE-2025-55182CRITICALbajo ataqueransomware26 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2017-5638
CVE-2017-5638CRITICALbajo ataqueransomware26 may 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
GitHub PoC
CVE-2026-5426
CVE-2026-5426CRITICAL26 may 2026
KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
48RIESGO
abrir
GitHub PoC
xl337x/CVE-2023-31902
CVE-2023-31902CRITICAL26 may 2026
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RIESGO
abrir
GitHub PoC
xxconi/CVE-2026-46275
CVE-2026-46275HIGH26 may 2026
Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
41RIESGO
abrir
GitHub PoC
CVE-2021-43798 MiNi Exploitation Framework
CVE-2021-43798HIGHbajo ataque26 may 2026
Grafana path traversal
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.