Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.180 exploits
VulnCheck XDB
initial-access
CVE-2025-5947CRITICAL30 may 2026
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-36401CRITICALbajo ataque30 may 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
GitHub PoC
CVE-2026-39987 - Draft
CVE-2026-39987CRITICALbajo ataque30 may 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-21413CRITICALbajo ataque30 may 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
GitHub PoC2
CVE-2026-8732 | WP Maps Pro <= 6.1.0 | Unauthenticated Privilege Escalation
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
GitHub PoC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
Exploit-DB
YAMCS yamcs-core 5.12.7 - User Enumeration
CVE-2026-44595MEDIUMwebappsmultiple30 may 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
33RIESGO
abrir
GitHub PoC1
POC_CVE-2026-42589
CVE-2026-42589CRITICAL30 may 2026
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RIESGO
abrir
GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
CVE-2026-43494HIGH30 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
GitHub PoC
SourceCodester Pharmacy Sales and Inventory System 1.0 - Vulnerable source code for CVE-2026-7392 SQL Injection
CVE-2026-7392MEDIUM30 may 2026
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
33RIESGO
abrir
Exploit-DB
YAMCS yamcs-core 5.12.7 - No Rate Limiting
CVE-2026-44596MEDIUMwebappsmultiple30 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42208CRITICALbajo ataque30 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 may 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RIESGO
abrir
Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
CVE-2026-42568MEDIUMwebappsmultiple30 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHbajo ataque30 may 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir
GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
CVE-2024-21413CRITICALbajo ataque30 may 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHbajo ataque30 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2018-7600
CVE-2018-7600CRITICALbajo ataqueransomware30 may 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
GitHub PoC
CVE-2026-0257 - PAN-OS
CVE-2026-0257HIGHbajo ataque30 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALbajo ataque30 may 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
CVE-2023-27350CRITICALbajo ataqueransomware30 may 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir
GitHub PoC
HAERIN-L/poc_cve-2026-42208
CVE-2026-42208CRITICALbajo ataque30 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
CVE-2026-48778HIGH30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
GitHub PoC7
Notepad++ RCE via config.xml commandLineInterpreter
CVE-2026-48778HIGH30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALbajo ataqueransomware30 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
CVE-2024-3400CRITICALbajo ataqueransomware30 may 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
anteriorpágina 40 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.