Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
ameerhamza-malik/CVE-2026-42796
CVE-2026-42796CRITICAL08 may 2026
Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
28RIESGO
abrir
GitHub PoC
HiteshGorana/susvibes-jupyter-server-cve-2026-35397
CVE-2026-35397HIGH08 may 2026
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
21RIESGO
abrir
GitHub PoC3
Wazuh 4.14.4 detection rules for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) - Linux Local Privilege Escalation via page cache write
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Paranoid disable Linux IPsec ESP support (esp4/esp6) and RxRPC support.
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC23
Detector + PoC for Linux page-cache write vulnerabilities: Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284/43500). Authorized security research only.
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface.
CVE-2023-4863HIGHbajo ataque08 may 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RIESGO
abrir
GitHub PoC1
cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator
CVE-2026-41940CRITICALbajo ataqueransomware07 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
CVE-2026-31431 (Copy Fail) novel exploit: live code corruption via page cache. Overwrites libc exit() code through MAP_PRIVATE page sharing — affects ALL running processes.
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2026-31431 Copy Fail
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC3
One-liner Python LPE for CVE-2026-31431 (CopyFail2). No compilation, no dependencies beyond Python+OpenSSL. Just curl | python3 and get root on Linux 6.5+.
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2026-23918 Apache mod_http2 Double-Free Detector
CVE-2026-23918HIGH07 may 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
GitHub PoC2
Advisory: CVE-2026-38360 path traversal (CWE-22) in dash-uploader (Python/PyPI)
CVE-2026-38360CRITICAL07 may 2026
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execut
43RIESGO
abrir
GitHub PoC
Advisory: CVE-2026-38361 multiple DoS vulnerabilities (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
CVE-2026-38361HIGH07 may 2026
Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-u
36RIESGO
abrir
GitHub PoC
CVE-2026-3844
CVE-2026-3844CRITICAL07 may 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC
CVE-2026-44590 - Sherlock <= v0.16.0 - RCE via pull_request_target Injection → Supply Chain Compromise
CVE-2026-44590CRITICAL07 may 2026
Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
28RIESGO
abrir
GitHub PoC1
FlowiseAI CVE-2025-58434 & CVE-2025-59528 exploit PoC, demonstrating unauthenticated ATO via reset token leakage, followed by authenticated RCE. Includes a reproductible Docker lab environment.
CVE-2025-58434CRITICAL07 may 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir
GitHub PoC
borahll/CVE-2021-21220
CVE-2021-21220HIGHbajo ataque07 may 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RIESGO
abrir
GitHub PoC
Caliburn9/CVE-2023-21716-Analysis-ICT287
CVE-2023-21716CRITICAL07 may 2026
Microsoft Word Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC2
Math.js Expression Parser RCE
CVE-2026-40897HIGH07 may 2026
Math.js: Unsafe object property setter in mathjs
41RIESGO
abrir
GitHub PoC
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
abdelkabirouadoukou/CVE-2026-31431-Analysis-and-Fix
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2025-6440
CVE-2025-6440CRITICAL07 may 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
GitHub PoC
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
Automatic script written in python for CVE-2009-3999
CVE-2009-399907 may 2026
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to ex
60RIESGO
abrir
GitHub PoC
julichaan/CVE-2026-31431-python-copyfail-POC
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
adilkurtulmus/linux-copy-fail-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC171
Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572)
CVE-2026-23870HIGH07 may 2026
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RIESGO
abrir
GitHub PoC1
HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated backup disclosure) chained with CVE-2026-3888 (snapd race condition LPE) to achieve full system compromise.
CVE-2026-27944CRITICAL07 may 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RIESGO
abrir
GitHub PoC33
CVE-2026-23631 (DarkReplica) Redis Exploit
CVE-2026-23631MEDIUM07 may 2026
redis-server Lua use-after-free may allow remote code execution
33RIESGO
abrir
GitHub PoC
Vulnerability Research and Exploit for CVE-2019-10149
CVE-2019-10149CRITICALbajo ataque07 may 2026
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.