Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.114 exploits
VulnCheck XDB
initial-access
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir ↗GitHub PoC
Saku0512/CVE-2026-54088-poc
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
48RIESGO
abrir ↗GitHub PoC
Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
DOMPurify XSS via `selectedcontent` re-clone
41RIESGO
abrir ↗GitHub PoC★ 1
PoC of CVE-2026-49943
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RIESGO
abrir ↗GitHub PoC★ 18
CVE-2026-50343 InstallService StaticPluginMap EoP - standard user to SYSTEM
Microsoft Install Service Elevation of Privilege Vulnerability
41RIESGO
abrir ↗GitHub PoC★ 1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir ↗GitHub PoC★ 1
go CVE-2026-31431 (CopyFail) local privilege escalation exploit
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RIESGO
abrir ↗GitHub PoC
Ez4rd1x1/CVE-2026-8181
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗GitHub PoC★ 2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir ↗GitHub PoC★ 1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC
CVE-2026-23744 Proof-of-concept.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC
CVE-2026-31525 - Draft
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RIESGO
abrir ↗GitHub PoC★ 2
Script para comprobar si la vulnerabilidad de Linux CIFSwitch (CVE-2026-46243) nos afecta. Detecta configuraciones potencialmente vulnerables y mitigaciones sin ejecutar exploits.
smb: client: reject userspace cifs.spnego descriptions
41RIESGO
abrir ↗VulnCheck XDB
initial-access
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir ↗VulnCheck XDB
initial-access
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RIESGO
abrir ↗GitHub PoC
Mender Server - Authenticated Path Traversal to RCE
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir ↗GitHub PoC
jenniferreire26/CVE-2026-39987
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir ↗GitHub PoC
entr0pie/demo-cve-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir ↗GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir ↗GitHub PoC★ 3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RIESGO
abrir ↗GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.