Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
Kernel patches for Dirty Frag vulnerability (CVE-2026-43284, CVE-2026-43500)
CVE-2026-43284HIGH09 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC1
CVE-2026-0073 - ADB Wireless Mutual Authentication Bypass PoC
CVE-2026-0073HIGH09 may 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir
GitHub PoC3
Wazuh 4.14.4 detection rules for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) - Linux Local Privilege Escalation via page cache write
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-10243-AUTH
CVE-2026-10243MEDIUM08 may 2026
code-projects Smart Parking System Admin Endpoint missing authentication
33RIESGO
abrir
GitHub PoC
Kernel LPE PoC & Mitigation Toolkit - ROSN-LR5-Full (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Desc "Fix Redis CVE ultil 20260508-10h51 GMT+7"
CVE-2026-25589HIGH08 may 2026
RedisBloom RESTORE invalid memory access may allow remote code execution
21RIESGO
abrir
GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
CVE-2026-41940CRITICALbajo ataqueransomware08 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC6
Simple Ansible Playbook to mitigate against CopyFail (CVE-2026-31431) and DirtyFrag (CVE-2026-43284) vulnerabilities.
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-31431 ("Copy Fail") vulnerability detector & exploit on Astra linux 1.7.6 with 3.7+ python
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Morton-Li/copy-fail-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Detection rules for CVE-2026-23918 Apache http2 RCE - Credit: stringa.ai, isec.pl
CVE-2026-23918HIGH08 may 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
GitHub PoC12
A proof-of-concept demonstrating how a default, unprivileged Kubernetes Pod can achieve node-level code execution on Amazon EKS by exploiting the Dirty Frag (CVE-2026-43284) Linux kernel page-cache corruption vulnerability through shared container image layers.
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Bannt08/Research-CVE-2026-21858
CVE-2026-21858CRITICAL08 may 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-34197-Lab
CVE-2026-34197HIGHbajo ataque08 may 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
GitHub PoC14
CVE-2026-43284
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Tracking CVE-2026-43284
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC2
Dirty Frag (CVE-2026-43284/43500) - Linux Kernel LPE Deep Technical Analysis by Bomb
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Sidjaz/CrushFTP-CVE-2024-4040-Proof-of-Concept
CVE-2024-4040CRITICALbajo ataque08 may 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-3844-Lab
CVE-2026-3844CRITICAL08 may 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC2
Vulnerability detection and mitigation tool for Copy Fail and Dirty Frag bugs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Full exploit chain lab and Suricata IDS detection for CVE-2022-30190 (Follina) - MSDT RCE
CVE-2022-30190HIGHbajo ataqueransomware08 may 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
ameerhamza-malik/CVE-2026-42796
CVE-2026-42796CRITICAL08 may 2026
Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
28RIESGO
abrir
GitHub PoC
Linux Kernel Local Privilege Escalation
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
kyukazamiqq/cve-2026-5718
CVE-2026-5718HIGH08 may 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
GitHub PoC
A fully refactored, Python 3 compatible exploit script for Tomcat Ghostcat (CVE-2020-1938 / CNVD-2020-10487) AJP Local File Inclusion
CVE-2020-1938CRITICALbajo ataque08 may 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
GitHub PoC1
CVE-2026-31431 in C for aarch64 and amd64
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation
CVE-2026-33534MEDIUM08 may 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RIESGO
abrir
GitHub PoC
AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface.
CVE-2023-4863HIGHbajo ataque08 may 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RIESGO
abrir
GitHub PoC
CTT-Enhanced Apache mod_auth_digest Timing Attack — CVE-2026-33006 Remote Digest Authentication Bypass → 33-Layer Temporal Timing Attack Original vulnerability: Apache HTTP Server 2.4.66 (mod_auth_digest timing leak) CTVSS (Original): 4.8 (Medium) CTT-Enhanced CVSS: 7.5 (High) — Network, low complexity, temporal wedge evasion
CVE-2026-33006MEDIUM08 may 2026
Apache HTTP Server: mod_auth_digest timing attack
13RIESGO
abrir
GitHub PoC
Full black-box penetration test against SecOS:1 (VulnHub) — CSRF exploitation, privilege escalation via CVE-2015-1328 (OverlayFS), post-exploitation
CVE-2015-132808 may 2026
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.