Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.180 exploits
Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
CVE-2026-42568MEDIUMwebappsmultiple30 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-21413CRITICALbajo ataque30 may 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42589CRITICAL30 may 2026
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHbajo ataque30 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 may 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux29 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
Exploit-DB
MikroORM 7.0.13 - SQL Injection
CVE-2026-44680HIGHwebappsmultiple29 may 2026
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-47176MEDIUM29 may 2026
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2022-26923HIGHbajo ataque29 may 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir
Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CVE-2026-44376MEDIUMwebappsmultiple29 may 2026
CubeCart: Reflected XSS in Store Search Bar
33RIESGO
abrir
GitHub PoC26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque29 may 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-46300HIGHlocallinux29 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque29 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
writeup
CVE-2026-8697HIGH29 may 2026
Improper Authentication Rate Limiting on TP-Link's Archer C64
41RIESGO
abrir
GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
CVE-2026-44596MEDIUM29 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
33RIESGO
abrir
GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
CVE-2026-44595MEDIUM29 may 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
33RIESGO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
CVE-2026-34472HIGH29 may 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 may 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir
Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
CVE-2026-1830CRITICAL29 may 2026
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RIESGO
abrir
GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
CVE-2026-46552MEDIUM29 may 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RIESGO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGHremotemultiple29 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-1263529 may 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RIESGO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 may 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RIESGO
abrir
Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
CVE-2026-0926CRITICAL29 may 2026
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RIESGO
abrir
GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
CVE-2007-244729 may 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
anteriorpágina 41 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.