Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC★ 4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RIESGO
abrir ↗GitHub PoC★ 1
This repository provides proof of concept (PoC) for the CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RIESGO
abrir ↗GitHub PoC★ 6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
MuharremK0/Info-Sys-Security-CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2026-8181 | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-8181-Lab
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗GitHub PoC★ 1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir ↗GitHub PoC★ 4
PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RIESGO
abrir ↗GitHub PoC★ 5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir ↗GitHub PoC★ 1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC
Authenticated RCE PoC for Flowise version <= 3.0.5 via CustomMCP Node (CVE-2025-59528)
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir ↗GitHub PoC★ 1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir ↗GitHub PoC
Linux kernel root exploit
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗GitHub PoC★ 1
usmansec/-CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC★ 3
🛡️ Script to test for NGINX CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-31431 (Copy Fail) — Análisis y desarrollo en Ensamblador x86-64 | Analysis and development in x86-64 Assembly
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
DFIR investigation + 7 Suricata rules on a simulated NexaCorp intrusion (vsftpd 2.3.4 CVE-2011-2523 + MITRE Caldera C2). 4-day solo engagement (BeCode Brussels Mission 01). 54-page report, 10 findings, 7/7 rules validated by PCAP replay.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir ↗GitHub PoC
Python script to sweep a fleet of Palo Alto firewalls and Panoramas via SSH, check PAN-OS version against CVE-2026-0265 (Authentication Bypass via Cloud Authentication Service), detect whether CAS is actually configured, and report exploitability in a color-coded summary table.
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
41RIESGO
abrir ↗GitHub PoC
CVE-2026-6857
Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
41RIESGO
abrir ↗GitHub PoC
Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-44578
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir ↗GitHub PoC★ 7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir ↗GitHub PoC
lwd3c/CVE-2026-46586
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RIESGO
abrir ↗GitHub PoC
This repository contains a Proof of Concept (PoC) Python script for CVE-2025-58434, which enables attackers to change passwords of other users without authentication process in flowise version 3.0.5 and lower due to token leakage.
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.