Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC
CVE-2026-5364 is a CVSS 8.1 (High) Unauthenticated Arbitrary File Upload vulnerability in the Drag and Drop File Upload for Contact Form 7
Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass
41RIESGO
abrir ↗GitHub PoC
CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir ↗GitHub PoC
CVE-2026-5229: Form Notify Auth Bypass via LINE OAuth Callback (CVSS 9.8)
Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback
48RIESGO
abrir ↗GitHub PoC
Educational lab demonstrating CVE-2025-55182: Critical RCE in React Server Components via prototype pollution in the Flight protocol
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2026-5426
KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
48RIESGO
abrir ↗GitHub PoC
CVE-2026-48095
GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation
41RIESGO
abrir ↗GitHub PoC★ 10
ambionics/cve-2026-9082-drupal-postgresql-rce
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC
CVE-2026-6741 is a CVSS 8.8 (High) Authenticated (Agent+) Privilege Escalation vulnerability in the LatePoint – Calendar Booking Plugin
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
41RIESGO
abrir ↗GitHub PoC★ 1
Proof-of-concept for CVE-2026-43284 — 4-byte XFRM/ESP page-cache write primitive to patch a setuid binary (x86_64, user namespaces). Includes kernel preflight + SUID scan.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
xxconi/CVE-2026-46275
Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
41RIESGO
abrir ↗GitHub PoC★ 1
Cisco Catalyst SD-WAN Peering Authentication Bypass
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir ↗GitHub PoC
Multi-language PoC (Python · Go · JS · C) and technical documentation for CVE-2025-63353, a critical predictable-default-PSK vulnerability in FiberHome HG6145F1 GPON ONT devices.
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-s
48RIESGO
abrir ↗GitHub PoC★ 1
Repository for studying the CVE-2026-42945 vulnerability in nginx < 1.30
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC
Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir ↗GitHub PoC★ 1
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir ↗GitHub PoC
A proof of concept for CVE 2024 23113 inspired by WatchTowr's article.
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.
90RIESGO
abrir ↗GitHub PoC
Manual, non-Metasploit authenticated Remote Code Execution (RCE) exploit via the browser URL bar for Webmin 1.580 (CVE-2012-2982)
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid
50RIESGO
abrir ↗GitHub PoC
Educational laboratory for studying CVE-2014-0160 (Heartbleed) and framing inconsistencies in TLS heartbeat handling.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir ↗GitHub PoC★ 29
CVE-2026-0091, play with an issue in android window management to perform arbitrary code execution in Launcher process from adb
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell u
41RIESGO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RIESGO
abrir ↗GitHub PoC
translating original python exploit to C
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir ↗GitHub PoC
This is POC repo for CVE-2026-48208
Denial-of-Service via SVG Rendering in Ticket
33RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-36239 | Authenticated RCE in PbootCMS ≤3.2.12
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
33RIESGO
abrir ↗GitHub PoC
Critical vulnerability in Siemens RuggedCom ROS devices allowing attackers to derive a hidden factory account password from the device MAC address and gain unauthorized administrative access via TELNET, rsh, or serial interfaces. Affects ROS 3.10.x and earlier.
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Ad
50RIESGO
abrir ↗GitHub PoC
XWiki Platform - CVE-2026-33137 PoC - Unauthenticated XAR Import via REST /wikis/{wikiName}
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
48RIESGO
abrir ↗GitHub PoC
HAERIN-L/POC_CVE-2026-42880
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RIESGO
abrir ↗GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir ↗GitHub PoC★ 6
CVE-2025-55182 Exploit Tool – Python 2.7 exploit for Next.js prototype pollution leading to RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.