Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
Medaz-Sploit/CVE-2025-9074-Docker-Desktop-API-Escape-PoC
CVE-2025-9074CRITICAL15 may 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir
GitHub PoC
tocong282/CVE-2026-44578-PoC
CVE-2026-44578HIGH15 may 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC6
Nuclei templates for detecting CVE-2026-44578 (Next.js WebSocket Upgrade SSRF) with multi-cloud metadata validation, Next.js fingerprinting, and real-world scanning workflows. Includes references to the original NextSSRF research and exploit tooling.
CVE-2026-44578HIGH15 may 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
CVE-2026-8181CRITICAL15 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC3
In‑depth technical analysis of CVE‑2026‑41096, a critical heap overflow in Windows DNSAPI.dll enabling remote code execution via crafted DNS responses. Includes attack vectors, patch insights, and defensive guidance for security teams.
CVE-2026-41096CRITICAL15 may 2026
Windows DNS Client Remote Code Execution Vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-44338
CVE-2026-44338HIGH15 may 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RIESGO
abrir
GitHub PoC
xd20111/CVE-2026-43284
CVE-2026-43284HIGH15 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-44338-Lab
CVE-2026-44338HIGH15 may 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RIESGO
abrir
GitHub PoC
Astianjy/CVE-2026-42203
CVE-2026-42203HIGH15 may 2026
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
41RIESGO
abrir
GitHub PoC
Tester for CVE-2026-43284
CVE-2026-43284HIGH15 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC75
NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH15 may 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC
# CVE-2026-42154 — Prometheus Remote Read Snappy DoS
CVE-2026-42154HIGH15 may 2026
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
41RIESGO
abrir
GitHub PoC6
Automated exploitation scanner for Oracle Reports Server (rwservlet) — CVE-2012-3152 / CVE-2012-3153. Detects, fingerprints, reads files via LFI, tests SSRF via webhook, and uploads JSP shells. Targets Oracle Reports < 11g. For authorized use only.
CVE-2012-3152CRITICALbajo ataque15 may 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RIESGO
abrir
GitHub PoC
Educational environment for LTAT.04.022 Homework 4.
CVE-2023-44487HIGHbajo ataque15 may 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RIESGO
abrir
GitHub PoC3
Behavioral detection script for CVE-2026-42945 (NGINX Rift) — heap overflow in ngx_http_rewrite_module. No RCE, crash-based detection only.
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC13
CVE-2026-46300
CVE-2026-46300HIGH15 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC1
VsFTPd 2.3.4 Backdoor Command Execution
CVE-2011-252315 may 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
LangFlow RCE | CVE-2026-0770 | Proof-Of-Concept
CVE-2026-0770CRITICAL15 may 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir
GitHub PoC1
CVE-2026-42945: nginx-rift vulnerability analysis and detection script
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Centralized Wazuh SCA Assessment for CVE-2026-42945 on NGINX Servers
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
nhh9905/CVE-2022-37969
CVE-2022-37969HIGHbajo ataque15 may 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir
GitHub PoC
Este proyecto tiene como objetivo demostrar de forma práctica el funcionamiento del exploit Dirty COW (CVE-2016-5195), una vulnerabilidad crítica del en el kernel de Linux. Se simula un escenario realista en el que un atacante con acceso local limitado a un sistema sin parchear logra escalar sus privilegios hasta obtener acceso completo como root.
CVE-2016-5195HIGHbajo ataque15 may 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RIESGO
abrir
GitHub PoC4
CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.
CVE-2026-42897HIGHbajo ataque15 may 2026
Microsoft Exchange Server Spoofing Vulnerability
71RIESGO
abrir
GitHub PoC
byezero/nginx-cve-2026-42945-check
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC18
Script Python para detecção de instâncias Nginx vulneráveis ao CVE-2026-42945 em IPs, CIDRs e ASNs.
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Toshiba Qiomem.sys vulnerable driver POC (CVE-2026-56129)
CVE-2026-56129MEDIUM15 may 2026
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insuf
33RIESGO
abrir
GitHub PoC
permite a un atacante remoto no autenticado leer archivos arbitrarios del sistema afectado mediante una inyección de XML External Entity (XXE)
CVE-2026-20224HIGH15 may 2026
Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
41RIESGO
abrir
GitHub PoC1
forxiucn/nginx-cve-2026-42945-poc
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC2
Working PoC for CVE-2025-32432 - Craft CMS <= 5.6.16 unauthenticated RCE via Yii2 PhpManager gadget + nginx access.log poisoning
CVE-2025-32432CRITICALbajo ataque15 may 2026
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
GitHub PoC4
jelasin/CVE-2026-42945
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.