Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.294exploits catalogados
31.742CVEs con explotación pública
0probados en laboratorio
71.294 exploits
GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
CVE-2024-3400CRITICALbajo ataqueransomware30 may 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir
GitHub PoC2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
CVE-2026-8732CRITICAL30 may 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALbajo ataque30 may 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-21413CRITICALbajo ataque30 may 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHbajo ataque30 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
Exploit-DB
Notepad++ 8.9.6 - Arbitrary Code Execution
CVE-2026-48778HIGHremotewindows30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHbajo ataque30 may 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir
GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALbajo ataqueransomware30 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
CVE-2026-43494HIGH30 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
CVE-2010-233330 may 2026
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RIESGO
abrir
GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
CVE-2024-21413CRITICALbajo ataque30 may 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 may 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RIESGO
abrir
GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
CVE-2007-244729 may 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
CVE-2019-905329 may 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
CVE-2022-26923HIGHbajo ataque29 may 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir
GitHub PoC
Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.
CVE-2022-22947CRITICALbajo ataque29 may 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 may 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir
Exploit-DB
Microsoft - NTLMv2 Hash Capture
CVE-2026-32202MEDIUMbajo ataque29 may 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
GitHub PoC26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
CVE-2026-34472HIGH29 may 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir
Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
CVE-2026-1830CRITICAL29 may 2026
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RIESGO
abrir
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGHremotemultiple29 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque29 may 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
CVE-2026-46840CRITICAL29 may 2026
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RIESGO
abrir
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware29 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
CVE-2026-46552MEDIUM29 may 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RIESGO
abrir
GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
CVE-2026-40564MEDIUM29 may 2026
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RIESGO
abrir
Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CVE-2026-44376MEDIUMwebappsmultiple29 may 2026
CubeCart: Reflected XSS in Store Search Bar
33RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-46300HIGHlocallinux29 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
anteriorpágina 43 / 2377siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.