Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.053exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.086 exploits
GitHub PoC
CVE-2026-54390 — JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1
JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer
48RIESGO
abrir ↗GitHub PoC★ 2
A Proof of Concept (PoC) exploit for CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir ↗GitHub PoC
caspy123/CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC
Exploitability PoC for CVE-2026-9558 (SSTI Mautic Theme)
A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twi
48RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40860 — Apache Camel camel-jms/sjms/amqp JMS ObjectMessage unsafe deserialization (RCE)
Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
48RIESGO
abrir ↗GitHub PoC★ 1
Reproducer for CVE-2026-40858 — Apache Camel camel-infinispan remote aggregation repository unsafe deserialization (RCE)
Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
41RIESGO
abrir ↗GitHub PoC
CVE-2026-28992 IOHIDFamily FastPathUserClient race condition PoC — security research
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7
33RIESGO
abrir ↗GitHub PoC★ 1
inforcqb/CVE-2026-43499-pja110
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC
包括能执行的命令探测和一键getshell(需要服务器部署服务)
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
75RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40473: Apache Camel camel-mina MinaConverter.toObjectInput unsafe deserialization (RCE over TCP/UDP)
Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP
41RIESGO
abrir ↗GitHub PoC★ 1
0x00phantom-hat/CVE-2026-12400-Exploit
FlowForms <= 1.1.1 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification via REST API '/flowforms/v1/forms/{id}' Endpoints
33RIESGO
abrir ↗GitHub PoC
Public disclosure for CVE-2026-52100 (CSRF) & CVE-2026-52101 (SSRF) in linx-server. MITRE assigned the CVEs; this repo provides a public reference and helps affected users understand the risk.
Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to e
41RIESGO
abrir ↗GitHub PoC
PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)
Apache APISIX: Authentication bypass in jwe-decrypt
33RIESGO
abrir ↗GitHub PoC
Laboratory validation of CVE-2026-48908 in Joomla SP Page Builder, covering unauthorized icon upload, PHP file write, code execution as www-data, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir ↗GitHub PoC
cazzysoci/cve-2026-48908
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.
Vite: `server.fs.deny` bypass on Windows alternate paths
41RIESGO
abrir ↗GitHub PoC★ 2
tc3650/CVE-2026-43499-armv7
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-50131 / GHSA-xw9q-2mv6-9fr8: Fedify incomplete SSRF mitigation advisory landing page
Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
41RIESGO
abrir ↗GitHub PoC★ 154
yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-50181 / GHSA-fg23-3346-88f5: Langroid path traversal advisory landing page
Langroid: Path traversal in the file tools allows read/write outside configured current directory
41RIESGO
abrir ↗GitHub PoC★ 44
OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC
Control Web Panel (CWP) vulnerability scenario related to CVE-2026-57517
Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-53359漏洞补丁
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RIESGO
abrir ↗GitHub PoC
CVE-2026-50746... - Draft
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Conne
48RIESGO
abrir ↗GitHub PoC★ 1
lieehrdiansyah12/CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir ↗GitHub PoC
Proof of concept exploit for CVE-2026-3775/CVE-2026-3780 and CVE-2026-57239 which lets you obtain NT AUTHORITY\SYSTEM rights via the Foxit PDF Reader updater service.
Foxit PDF Editor/Reader Local Privilege Escalation
41RIESGO
abrir ↗GitHub PoC★ 11
Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.