Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.114 exploits
GitHub PoC
CVE-2026-23631-Draft
CVE-2026-23631MEDIUM04 jun 2026
redis-server Lua use-after-free may allow remote code execution
33RIESGO
abrir
GitHub PoC
Safe read-only version checker + Sigma rule for Redis CVE-2026-23479 (authenticated use-after-free → RCE). Find exposed instances, patch left-of-boom. By DugganUSA.
CVE-2026-23479HIGH04 jun 2026
redis-server use-after-free in unblock client flow may allow remote code execution
41RIESGO
abrir
GitHub PoC
PoC CVE-2026-8732 (WP Maps Pro <= 6.1.0)
CVE-2026-8732CRITICAL04 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL04 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-41089CRITICAL04 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC
CVE-2026-45247 - Draft
CVE-2026-45247CRITICALbajo ataque04 jun 2026
Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection
83RIESGO
abrir
VulnCheck XDB
local
CVE-2026-43500HIGH03 jun 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
GitHub PoC13
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC1
Rocket.Chat OAuth2 NoSQL Injection
CVE-2026-29198CRITICAL03 jun 2026
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability c
48RIESGO
abrir
GitHub PoC1
CVE-2025-48595 - Draft
CVE-2025-48595HIGHbajo ataque03 jun 2026
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to
71RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque03 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Detection script for CIFSwitch - CVE-2026-46243
CVE-2026-46243HIGH03 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL03 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC1
Add go CVE-2026-46300 (Fragnesia) local privilege escalation exploit
CVE-2026-46300HIGH03 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC6
Este repositorio contiene un Proof of Concept (POC) para CVE-2026-49975, también conocida como HTTP/2 Bomb, una vulnerabilidad de denegación de servicio (DoS) remoto que afecta a la mayoría de los servidores web principales en su configuración HTTP/2 predeterminada, incluyendo:
CVE-2026-49975HIGH03 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC
CVE-2026-27145 - Draft
CVE-2026-27145MEDIUM03 jun 2026
Inefficient candidate hostname parsing in crypto/x509
33RIESGO
abrir
GitHub PoC
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305.
CVE-2026-10187CRITICAL03 jun 2026
Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
48RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2026-0257HIGHbajo ataque03 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC3
Bulk scanning + one-click vulnerability exploitation
CVE-2026-42945CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
lowilol/CVE-2026-42945-NGINX-Rift-Check-Script
CVE-2026-42945CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC2
Shcesama/cve-2023-4863-analysis
CVE-2023-4863HIGHbajo ataque03 jun 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RIESGO
abrir
GitHub PoC
PoC exploit for CVE-2026-23744 — unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.
CVE-2026-23744CRITICAL03 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
CVE-2026-9256CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC
Saku0512/CVE-2026-54088-poc
CVE-2026-54088CRITICAL03 jun 2026
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-36401CRITICALbajo ataque03 jun 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
GitHub PoC
Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
CVE-2026-47423HIGH03 jun 2026
DOMPurify XSS via `selectedcontent` re-clone
41RIESGO
abrir
GitHub PoC1
PoC of CVE-2026-49943
CVE-2026-49943MEDIUM03 jun 2026
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RIESGO
abrir
GitHub PoC
这是一个用于防御巡检的 CVE-2026-41089 检测脚本。该漏洞是 Microsoft 在 2026 年 5 月安全更新中披露的 Windows Netlogon 远程代码执行漏洞。
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC14
CVE-2026-41089 是 Windows Netlogon 服务中一个关键的远程代码执行漏洞,单包即可崩溃 lsass.exe,导致域控制器在约 30-60 秒内重启。此期间该 DC 的所有域认证将失败。
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
anteriorpágina 35 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.