Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.181exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.180 exploits
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir ↗GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RIESGO
abrir ↗GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RIESGO
abrir ↗GitHub PoC★ 2
akashsingh0454/CVE-2026-0257-PoC
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗VulnCheck XDB
initial-access
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir ↗GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RIESGO
abrir ↗GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir ↗GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir ↗Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RIESGO
abrir ↗Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RIESGO
abrir ↗GitHub PoC★ 1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir ↗GitHub PoC★ 6
Gogs RCE via argument injection in git rebase (CWE-88) — Python PoC. CVE-2026-52806
Gogs: RCE via git rebase --exec argument injection in pull request merge
48RIESGO
abrir ↗GitHub PoC★ 6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RIESGO
abrir ↗GitHub PoC
EXPLOIT CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir ↗GitHub PoC★ 1
funixone/EXPLOIT-CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir ↗GitHub PoC
CVE-2026-35616 - Draft
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir ↗GitHub PoC★ 1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RIESGO
abrir ↗GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir ↗GitHub PoC★ 10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir ↗GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC★ 1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
NGINX ngx_http_ssl_module vulnerability
33RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.