Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.114 exploits
VulnCheck XDB
initial-access
CVE-2024-36401CRITICALbajo ataque03 jun 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
GitHub PoC
Saku0512/CVE-2026-54088-poc
CVE-2026-54088CRITICAL03 jun 2026
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
48RIESGO
abrir
GitHub PoC
Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
CVE-2026-47423HIGH03 jun 2026
DOMPurify XSS via `selectedcontent` re-clone
41RIESGO
abrir
GitHub PoC1
PoC of CVE-2026-49943
CVE-2026-49943MEDIUM03 jun 2026
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RIESGO
abrir
GitHub PoC18
CVE-2026-50343 InstallService StaticPluginMap EoP - standard user to SYSTEM
CVE-2026-50343HIGH03 jun 2026
Microsoft Install Service Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
CVE-2026-43284HIGH03 jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
CVE-2026-9256CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC1
go CVE-2026-31431 (CopyFail) local privilege escalation exploit
CVE-2026-31431HIGHbajo ataque03 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
CVE-2026-45332HIGH02 jun 2026
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2021-43798HIGHbajo ataque02 jun 2026
Grafana path traversal
100RIESGO
abrir
GitHub PoC
Ez4rd1x1/CVE-2026-8181
CVE-2026-8181CRITICAL02 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
CVE-2026-8206CRITICAL02 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-23744 Proof-of-concept.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-31525 - Draft
CVE-2026-31525HIGH02 jun 2026
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RIESGO
abrir
GitHub PoC6
CVE-2026-41089
CVE-2026-41089CRITICAL02 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC2
Script para comprobar si la vulnerabilidad de Linux CIFSwitch (CVE-2026-46243) nos afecta. Detecta configuraciones potencialmente vulnerables y mitigaciones sin ejecutar exploits.
CVE-2026-46243HIGH02 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL02 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-21839HIGHbajo ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RIESGO
abrir
GitHub PoC
Mender Server - Authenticated Path Traversal to RCE
CVE-2026-49009LOW02 jun 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir
GitHub PoC
jenniferreire26/CVE-2026-39987
CVE-2026-39987CRITICALbajo ataque02 jun 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir
GitHub PoC
entr0pie/demo-cve-2022-22947
CVE-2022-22947CRITICALbajo ataque02 jun 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir
GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
CVE-2011-252302 jun 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
Okymi-X/CVE-2021-43798
CVE-2021-43798HIGHbajo ataque02 jun 2026
Grafana path traversal
100RIESGO
abrir
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2024-21182HIGHbajo ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RIESGO
abrir
GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
CVE-2026-46300HIGH02 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
anteriorpágina 36 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.