Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.053exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.053 exploits
GitHub PoC
CVE-2026-28992 IOHIDFamily FastPathUserClient race condition PoC — security research
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7
33RIESGO
abrir ↗GitHub PoC★ 1
inforcqb/CVE-2026-43499-pja110
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC
Exploitability PoC for CVE-2026-9558 (SSTI Mautic Theme)
A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twi
48RIESGO
abrir ↗GitHub PoC★ 1
Reproducer for CVE-2026-40858 — Apache Camel camel-infinispan remote aggregation repository unsafe deserialization (RCE)
Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
41RIESGO
abrir ↗GitHub PoC
Public disclosure for CVE-2026-52100 (CSRF) & CVE-2026-52101 (SSRF) in linx-server. MITRE assigned the CVEs; this repo provides a public reference and helps affected users understand the risk.
Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to e
41RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.
Vite: `server.fs.deny` bypass on Windows alternate paths
41RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40473: Apache Camel camel-mina MinaConverter.toObjectInput unsafe deserialization (RCE over TCP/UDP)
Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP
41RIESGO
abrir ↗GitHub PoC★ 1
0x00phantom-hat/CVE-2026-12400-Exploit
FlowForms <= 1.1.1 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification via REST API '/flowforms/v1/forms/{id}' Endpoints
33RIESGO
abrir ↗GitHub PoC
cazzysoci/cve-2026-48908
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-50131 / GHSA-xw9q-2mv6-9fr8: Fedify incomplete SSRF mitigation advisory landing page
Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
41RIESGO
abrir ↗GitHub PoC
PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)
Apache APISIX: Authentication bypass in jwe-decrypt
33RIESGO
abrir ↗GitHub PoC
Laboratory validation of CVE-2026-48908 in Joomla SP Page Builder, covering unauthorized icon upload, PHP file write, code execution as www-data, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
Control Web Panel (CWP) vulnerability scenario related to CVE-2026-57517
Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-53359漏洞补丁
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RIESGO
abrir ↗GitHub PoC★ 44
OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗VulnCheck XDB
initial-access
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
75RIESGO
abrir ↗VulnCheck XDB
initial-access
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir ↗GitHub PoC
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
Windows Netlogon Remote Code Execution Vulnerability
70RIESGO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir ↗GitHub PoC
包括能执行的命令探测和一键getshell(需要服务器部署服务)
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
75RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-50181 / GHSA-fg23-3346-88f5: Langroid path traversal advisory landing page
Langroid: Path traversal in the file tools allows read/write outside configured current directory
41RIESGO
abrir ↗GitHub PoC★ 2
tc3650/CVE-2026-43499-armv7
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC★ 1
lieehrdiansyah12/CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC★ 154
yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.