Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
CVE-2024-6387HIGH21 may 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir
GitHub PoC
「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49
CVE-2021-41773HIGHbajo ataqueransomware21 may 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC22
CVE-2026-45250 - FreeBSD 14.x LPE
CVE-2026-45250HIGH21 may 2026
Stack buffer overflow via setcred(2)
41RIESGO
abrir
GitHub PoC
A Go implementation of dirtydecrypt (CVE-2026-31635)
CVE-2026-31635HIGH21 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
CVE-2026-0300CRITICALbajo ataque21 may 2026
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RIESGO
abrir
GitHub PoC4
0xFuffM3/CVE-2026-31635-DirtyDecrypt
CVE-2026-31635HIGH21 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC1
Intune Remediation package for the CVE-2026-45585 YellowKey BitLocker/WinRE bypass mitigation described in the provided procedure. This package removes `autofstx.exe` from the offline WinRE image's `BootExecute` value and refreshes WinRE registration so BitLocker trust is reestablished.
CVE-2026-45585MEDIUM21 may 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
yangh-beep/CVE-2026-31431-C
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-45829
CVE-2026-45829CRITICAL21 may 2026
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RIESGO
abrir
GitHub PoC1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
CVE-2026-4885CRITICAL21 may 2026
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RIESGO
abrir
GitHub PoC1
CVE-2026-2587 PoC validator for Eclipse GlassFish EL Injection RCE in the admin console gadget.jsf handler. Safe authenticated vulnerability scanner for authorized testing.
CVE-2026-2587CRITICAL20 may 2026
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used
48RIESGO
abrir
GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
CVE-2026-31635HIGH20 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
CVE-2026-43284HIGH20 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
CVE-2026-31431HIGHbajo ataque20 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-
CVE-2026-45829CRITICAL20 may 2026
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RIESGO
abrir
GitHub PoC3
CVE-2026-42945 - NGINX Rift Toolkit
CVE-2026-42945CRITICAL20 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
CVE-2026-30950HIGH20 may 2026
AutoGPT has Authenticated Session Hijacking via IDOR
41RIESGO
abrir
GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
CVE-2026-31635HIGH20 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC
One-command scanner for the Mini Shai-Hulud npm supply-chain worm (CVE-2026-45321). Detect before rotating tokens.
CVE-2026-45321CRITICALbajo ataqueransomware20 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
CVE-2026-45585MEDIUM20 may 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
POC_CVE-2026-35037
CVE-2026-35037HIGH20 may 2026
Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
41RIESGO
abrir
GitHub PoC
CVE-2024-4367–PDF.js-xss
CVE-2024-4367MEDIUM20 may 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RIESGO
abrir
GitHub PoC
hyperchk/CVE-2025-24071-POC
CVE-2025-24071MEDIUM20 may 2026
Microsoft Windows File Explorer Spoofing Vulnerability
38RIESGO
abrir
GitHub PoC1
VULNERAVEL CVE-2018-14847 - CREDENCIAIS EXTRAIDAS MIKROTIK EM PYTHON
CVE-2018-14847CRITICALbajo ataque20 may 2026
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RIESGO
abrir
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
CVE-2026-0073HIGH20 may 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir
GitHub PoC
yusufdalbudak/CVE-2026-42945
CVE-2026-42945CRITICAL20 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.