Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
Maxime288/Fragnesia-CVE-2026-46300
CVE-2026-46300HIGH20 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
Outdated Ghost CMS websites that have fallen become compromised from CVE-2026-26980 can suffer from spam code injection to pages. Use this to mass clear and edit code injection fields.
CVE-2026-26980CRITICAL20 may 2026
Ghost has a SQL Injection in its Content API
75RIESGO
abrir
GitHub PoC23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
CVE-2026-0073HIGH20 may 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir
GitHub PoC
a24ac1/CVE-2026-0740
CVE-2026-0740CRITICAL20 may 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
GitHub PoC
MGTx2/CVE-2026-39107
CVE-2026-39107MEDIUM20 may 2026
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails
33RIESGO
abrir
GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
CVE-2026-43284HIGH20 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
CVE-2026-45585MEDIUM20 may 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
Verified vulnerability journey for CVE-2025-8110 (Gogs) and CVE-2025-3248 (Langflow) — risk triage, exploitability verification, verified patches.
CVE-2025-8110HIGHbajo ataque20 may 2026
File overwrite in file update API in Gogs
100RIESGO
abrir
GitHub PoC
yusufdalbudak/CVE-2026-42945
CVE-2026-42945CRITICAL20 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE-2025-8110 Proof of Concept
CVE-2025-8110HIGHbajo ataque20 may 2026
File overwrite in file update API in Gogs
100RIESGO
abrir
GitHub PoC1
Dirty Frag - kernel Linux critical Vulnerability
CVE-2026-43284HIGH19 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC2
Example application, vulnerable to CVE-2023-32692 (Validation Rule Injection in the PHP Framework CodeIgniter)
CVE-2023-32692CRITICAL19 may 2026
Remote Code Execution Vulnerability in Validation Placeholders
48RIESGO
abrir
GitHub PoC
Maxime288/CVE-2026-8838-RCE
CVE-2026-8838CRITICAL19 may 2026
Remote Code Execution via eval() Injection in amazon-redshift-python-driver
48RIESGO
abrir
GitHub PoC
suil12/CVE-2025-24813_presentation
CVE-2025-24813CRITICALbajo ataque19 may 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
GitHub PoC
anonmrc/CVE-2026-34486-e-Tomcat-Tribes
CVE-2026-34486HIGH19 may 2026
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RIESGO
abrir
GitHub PoC1
CVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.
CVE-2026-34474HIGH19 may 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RIESGO
abrir
GitHub PoC
PwnKit (CVE-2021-4034) Safe Checker This tool performs read-only checks and does not attempt exploitation.
CVE-2021-4034HIGHbajo ataque19 may 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC
rufflabs/CVE-2026-36748
CVE-2026-36748CRITICAL19 may 2026
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RIESGO
abrir
GitHub PoC1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
CVE-2026-43284HIGH19 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
SMB Red Team Lab— NTLM Relay via LLMNR Poisoning, CVE-2007-2447, NTLMv2 Hash Cracking & NT AUTHORITY\SYSTEM on Windows 10
CVE-2007-244719 may 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
GitHub PoC
Writeup da sala Blue do TryHackMe — exploração do EternalBlue (MS17-010/CVE-2017-0143).
CVE-2017-0143HIGHbajo ataqueransomware19 may 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-35029HIGH19 may 2026
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
61RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-11344-RCE
CVE-2026-11344MEDIUM19 may 2026
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RIESGO
abrir
GitHub PoC
CVE-2026-30691: Stored Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer
CVE-2026-30691MEDIUM19 may 2026
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitra
33RIESGO
abrir
GitHub PoC
CVE-2025-55182 Exploit | by infrar3d
CVE-2025-55182CRITICALbajo ataqueransomware19 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC5
CVE-2026-31635
CVE-2026-31635HIGH19 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC
Shell scanner for CVE-2026-31431 "Copy Fail" — a local privilege escalation via Linux kernel page cache corruption (algif_aead/AF_ALG). Checks kernel version, patch status, module state, setuid exposure and mitigations. Supports Debian 11–13 and Ubuntu 20.04–25.10. CI/CD-ready (exit codes + JSON output).
CVE-2026-31431HIGHbajo ataque19 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-35030CRITICAL19 may 2026
LiteLLM has an authentication bypass via OIDC userinfo cache key collision
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.