Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir ↗GitHub PoC
「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗GitHub PoC
A Go implementation of dirtydecrypt (CVE-2026-31635)
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir ↗GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RIESGO
abrir ↗GitHub PoC★ 4
0xFuffM3/CVE-2026-31635-DirtyDecrypt
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir ↗GitHub PoC★ 1
Intune Remediation package for the CVE-2026-45585 YellowKey BitLocker/WinRE bypass mitigation described in the provided procedure. This package removes `autofstx.exe` from the offline WinRE image's `BootExecute` value and refreshes WinRE registration so BitLocker trust is reestablished.
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
yangh-beep/CVE-2026-31431-C
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RIESGO
abrir ↗GitHub PoC★ 1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-2587 PoC validator for Eclipse GlassFish EL Injection RCE in the admin console gadget.jsf handler. Safe authenticated vulnerability scanner for authorized testing.
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used
48RIESGO
abrir ↗GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir ↗GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC★ 20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-42945 - NGINX Rift Toolkit
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
AutoGPT has Authenticated Session Hijacking via IDOR
41RIESGO
abrir ↗GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir ↗GitHub PoC
One-command scanner for the Mini Shai-Hulud npm supply-chain worm (CVE-2026-45321). Detect before rotating tokens.
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC
POC_CVE-2026-35037
Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
41RIESGO
abrir ↗GitHub PoC
CVE-2024-4367–PDF.js-xss
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RIESGO
abrir ↗GitHub PoC
hyperchk/CVE-2025-24071-POC
Microsoft Windows File Explorer Spoofing Vulnerability
38RIESGO
abrir ↗GitHub PoC★ 1
VULNERAVEL CVE-2018-14847 - CREDENCIAIS EXTRAIDAS MIKROTIK EM PYTHON
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RIESGO
abrir ↗GitHub PoC★ 2
A Go implementation of fragnesia (CVE-2026-46300)
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗GitHub PoC★ 23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.