Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
ycseo-git/CVE-2020-11800
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
48RIESGO
abrir ↗GitHub PoC
Proof-of-concept for CVE-2024-4040 (CrushFTP SSTI -> unauthenticated LFI) in a controlled CS443 lab environment - for educational/authorised use only.
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RIESGO
abrir ↗GitHub PoC
MartinaStarone/CVE-2026-2441
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir ↗GitHub PoC★ 1
mawussid/CVE-2026-41651-Python
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RIESGO
abrir ↗GitHub PoC★ 1
Proof-of-concept exploit for CVE-2024-22120 that leverages time-based SQL injection and gopher-based SSRF to achieve remote code execution on vulnerable Zabbix servers for educational security research.
Time Based SQL Injection in Zabbix Server Audit Log
70RIESGO
abrir ↗GitHub PoC★ 12
mitigation of cve-2026-31431 using ftrace
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 12
CVE-2026-41940 Auto Root Login
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 1
Test authentication bypass vulnerabilities in cPanel and WHM using this proof of concept exploit tool written in Go.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 1
PoC for CVE-2026-41940: WHM/cPanel authentication bypass chain (Python 2.7). For authorized security research and testing only.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 3
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
CVE-2011-1249 (MS11-046) AFD privilege escalation — MinGW cross-compilation fix + custom command support
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RIESGO
abrir ↗GitHub PoC
C implementation for researching Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
Zimbra Path Traversal (CVE-2025-68645) - Unauthenticated file read vulnerability in Zimbra Collaboration Suite
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RIESGO
abrir ↗GitHub PoC★ 1
This repository contains a Python replication script for CVE-2025-4632, an Unauthenticated Remote Code Execution (RCE) vulnerability in Samsung MagicINFO 9 Server (versions prior to 21.1052).
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RIESGO
abrir ↗GitHub PoC
roodhelios/CVE-2022-26134-OGNL-Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RIESGO
abrir ↗GitHub PoC
Analysis of network scan results, service vulnerabilities, OS fingerprinting, and critical Nessus findings including Ghostcat (CVE-2020-1938).
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir ↗GitHub PoC
This repository contains an academic and technical analysis of CVE-2023-34362, a critical SQL injection vulnerability affecting the MOVEit Transfer application, a widely used enterprise Managed File Transfer (MFT) platform. The project was developed as part of the CYB625 – Ethical Hacking & Penetration Testing course at Pace University.
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir ↗GitHub PoC
One IPv6 ND option with length zero. One missing check. Daemon walks backward and lives in the loop. Reported to OpenBSD, fixed, CVE assigned.
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Dis
13RIESGO
abrir ↗GitHub PoC
Analysis of CVE-2026-24072
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
21RIESGO
abrir ↗GitHub PoC
Passive HTTP metadata auditor for CVE-2026-23918 exposure triage
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir ↗GitHub PoC
Exploit and detect CVE-2026-31431 vulnerabilities using a static binary that monitors system integrity and bypasses PAM authentication.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC★ 22
LPE due to integer truncation in vskrnlintvsp.sys
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RIESGO
abrir ↗GitHub PoC
Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
ZildanZ/CVE-2026-41940
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 1
Detection signatures for CVE-2026-41940 and shemas for cPanel logs
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
Simple exploit
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RIESGO
abrir ↗GitHub PoC★ 1
Утилита для Linux, которая проверяет доступность `AF_ALG`/`algif_aead` и помогает оценить риск по `CVE-2026-31431`.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 10
Safe detection tooling for CVE-2026-31431 "Copy Fail" and CVE-2026-43284 "Dirty Frag" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.