Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
71.622 exploits
VulnCheck XDB
remote-with-credentials
CVE-2022-26923HIGHbajo ataque29 may 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux29 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
Exploit-DB
MikroORM 7.0.13 - SQL Injection
CVE-2026-44680HIGHwebappsmultiple29 may 2026
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RIESGO
abrir
GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
CVE-2026-44596MEDIUM29 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
33RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux29 may 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-47176MEDIUM29 may 2026
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RIESGO
abrir
GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
CVE-2026-40564MEDIUM29 may 2026
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RIESGO
abrir
Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-46522HIGHlocalmultiple29 may 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RIESGO
abrir
GitHub PoC
Exploit de Execução Remota de Código (RCE) no XWiki
CVE-2025-24893CRITICALbajo ataque29 may 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2017-12635_36
CVE-2017-1263529 may 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RIESGO
abrir
GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
CVE-2026-44595MEDIUM29 may 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
33RIESGO
abrir
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware29 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALbajo ataque29 may 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir
Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
CVE-2026-1830CRITICAL29 may 2026
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RIESGO
abrir
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
CVE-2026-34472HIGH29 may 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGHremotemultiple29 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
CVE-2026-34473HIGHlocalmultiple29 may 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RIESGO
abrir
Exploit-DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
CVE-2026-34474HIGHlocalmultiple29 may 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RIESGO
abrir
Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
CVE-2026-0926CRITICAL29 may 2026
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RIESGO
abrir
Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
CVE-2026-42471HIGHwebappsphp29 may 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RIESGO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 may 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC2
3nou9h/CVE-2026-9256-Poc
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALbajo ataque28 may 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 may 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 may 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir
anteriorpágina 44 / 2388siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.