Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.125 exploits
GitHub PoC★ 20
azefzafyoussef/CVE-2026-34621
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RIESGO
abrir ↗GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RIESGO
abrir ↗GitHub PoC
Are you get Tanstack Supply chain attack attack of 5/11? CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC★ 1
oen liner CVE-2026-31431 test. Created 'sandbox' on sudo user and tests if ir can escape to root
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
CVE-2023-4220 — Unauthenticated file upload RCE in Chamilo LMS ≤ 1.11.24. OSCP-style and auto exploit.
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RIESGO
abrir ↗GitHub PoC★ 6
🚀 CVE-2026-41940 cPanel/WHM Auth Bypass Exploit - Best Flow 💥 CRLF injection leads to auth bypass, session hijacking & account leak. ✅ Proxy, custom UA, keep-alive, retries, SSL verify, colored output, file save support. ⚡ Advanced PoC for pentesters.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
vutiendat323/CVE-2021-44228_Log4Shell
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
Cybersecurity demo exploiting CVE-2026-35455 with automatic API key generation and exfiltration
immich has Stored XSS via OCR Text in 360° Panorama Viewer
41RIESGO
abrir ↗GitHub PoC★ 1
rootdirective-sec/CVE-2026-5718-Lab
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir ↗GitHub PoC
Semgrep rules that flag header-trust auth bypass patterns (CVE-2025-29927 class). Companion to bk-security.github.io.
Authorization Bypass in Next.js Middleware
85RIESGO
abrir ↗GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
🛡️ One-command scanner for CVE-2026-45321 — TanStack npm supply-chain attack
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC★ 2
Dead.Letter CVE-2026-45185 EXIM Vulnerability Detection Script
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-29000 – pac4j-jwt Authentication Bypass (🔥 CVSS 10.0). One-click admin forge via public key JWE wrapping. Leaks configs, users, secrets. Keep-alive, proxy, custom JWKS.⚙️ Educational PoC Exploit tool.
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir ↗GitHub PoC★ 1
Claude Code skill to scan machines for Mini Shai-Hulud (CVE-2026-45321) supply chain worm IOCs
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Working POC of CVE-2026-6664 written by Sonnet 4.6
PgBouncer integer overflow in PgBouncer network packet parsing
41RIESGO
abrir ↗GitHub PoC
Detects CVE-2026-45321 (TanStack supply chain compromise) and Mini Shai-Hulud worm artifacts. Scans node_modules, lockfiles, persistence hooks (Claude Code, VS Code, systemd, LaunchAgent), GitHub workflows, git history, C2 domains, and AI tool configs.
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC★ 1
Detect CVE-2026-45321 Mini Shai-Hulud supply chain compromise — scans for 170 npm + 2 PyPI poisoned packages across TanStack, Mistral AI, UiPath, OpenSearch, Guardrails AI
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC
CSRF (Cross-Site Request Forgery) vulnerability in gpEasy 1.5-16.3
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijac
23RIESGO
abrir ↗GitHub PoC
CVE-2026-42569
phpvms: /importer authorization bypass causing full database wipe
43RIESGO
abrir ↗GitHub PoC
Relatório de Análise Técnica: Exploração de Falha de Isolamento no Kernel Linux (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RIESGO
abrir ↗GitHub PoC
CVE-2026-6274 - Redline WR3200 Broken Authentication
Authentication Bypass in DTS Electronics' Redline WR3200
28RIESGO
abrir ↗GitHub PoC
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Proof of concept of CVE-2026-8161 (Multiparty)
multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
21RIESGO
abrir ↗GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RIESGO
abrir ↗GitHub PoC★ 3
Arbitrary command execution on Cockpit
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
21RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.