Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.181exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.180 exploits
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
CVE-2026-34472HIGH29 may 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir
GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
CVE-2026-46552MEDIUM29 may 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RIESGO
abrir
GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
CVE-2026-46840CRITICAL29 may 2026
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux29 may 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
CVE-2026-40564MEDIUM29 may 2026
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RIESGO
abrir
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGHremotemultiple29 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
CVE-2019-905329 may 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
Exploit-DB
Microsoft - NTLMv2 Hash Capture
CVE-2026-32202MEDIUMbajo ataque29 may 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
CVE-2026-34473HIGHlocalmultiple29 may 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RIESGO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 may 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir
Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-46522HIGHlocalmultiple29 may 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RIESGO
abrir
Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
CVE-2026-42471HIGHwebappsphp29 may 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC6
Gogs RCE via argument injection in git rebase (CWE-88) — Python PoC. CVE-2026-52806
CVE-2026-52806CRITICAL28 may 2026
Gogs: RCE via git rebase --exec argument injection in pull request merge
48RIESGO
abrir
GitHub PoC6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
CVE-2026-48770MEDIUM28 may 2026
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RIESGO
abrir
GitHub PoC
EXPLOIT CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALbajo ataque28 may 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 may 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 may 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RIESGO
abrir
GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
CVE-2026-49009LOW28 may 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 may 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir
GitHub PoC2
3nou9h/CVE-2026-9256-Poc
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-31431HIGHbajo ataque28 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 may 2026
NGINX ngx_http_ssl_module vulnerability
33RIESGO
abrir
anteriorpágina 42 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.