Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC
Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir ↗GitHub PoC
This is POC repo for CVE-2026-48208
Denial-of-Service via SVG Rendering in Ticket
33RIESGO
abrir ↗GitHub PoC
notthemystery/CVE-2026-20700-POC-that-ll-never-work
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3,
71RIESGO
abrir ↗GitHub PoC★ 6
CVE-2025-55182 Exploit Tool – Python 2.7 exploit for Next.js prototype pollution leading to RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-36239 | Authenticated RCE in PbootCMS ≤3.2.12
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
33RIESGO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM < 1.83.10 Privilege Escalation via User Update
41RIESGO
abrir ↗GitHub PoC
XWiki Platform - CVE-2026-33137 PoC - Unauthenticated XAR Import via REST /wikis/{wikiName}
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
48RIESGO
abrir ↗GitHub PoC
translating original python exploit to C
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir ↗GitHub PoC
Educational laboratory for studying CVE-2014-0160 (Heartbleed) and framing inconsistencies in TLS heartbeat handling.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir ↗GitHub PoC
w3nch/CVE-2025-55182-in-go
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC★ 1
Automated scanner & post-exploitation toolkit for CVE-2026-41940 — cPanel & WHM root authentication bypass via session-file CRLF injection
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
🎓 PoC Educativo para CVE-2026-23520. Laboratorio de análisis de vulnerabilidades y mitigación controlada. 🧪
Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
48RIESGO
abrir ↗GitHub PoC
CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir ↗GitHub PoC
Ambiente Docker para demonstração prática da CVE-2025-54236 (SessionReaper): PHP Object Deserialization levando a RCE em Magento Open Source 2.4.7
Adobe Commerce | Improper Input Validation (CWE-20)
100RIESGO
abrir ↗GitHub PoC
CVE-2025-47812 Poc for wingdata HTB
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗GitHub PoC
mein-0/cve-2026-29923
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a
41RIESGO
abrir ↗GitHub PoC
CMS Made Simple CVE-2019-9053 Exploit (Python 3)
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗GitHub PoC
Leemyunglyul/cve-2021-4034-mock
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC★ 7
Drupal CVE-2026-9082 Blind SQL Injection Checker
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC★ 4
BitLocker TPM+PIN Hardening Against CVE-2026-45585 (YellowKey)
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC★ 1
Local Privilege Escalation in Amazon WorkSpaces via TOCTOU and Arbitrary File Write
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpace
41RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-41096: Heap Overflow in the Windows DNS Client
Windows DNS Client Remote Code Execution Vulnerability
48RIESGO
abrir ↗GitHub PoC★ 2
copy_fail:CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Lab detection exercise for DirtyFrag (CVE-2026-43284) - Linux kernel privilege escalation via xfrm-ESP page cache corruption. Full write-up covering exploit execution, detection gaps, and corrected EQL rules using Elastic Stack
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
Tracking the nginx CVE-2026-9256 rewrite-module heap overflow
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir ↗GitHub PoC
cPanel user run arbitrary scripts as root
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.