Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC4
Bulk scanner and mass exploitation tool for CVE-2026-41940 on cPanel/WHM, built for automated target validation and high-speed multi-threaded execution.
CVE-2026-41940CRITICALbajo ataqueransomware01 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC3
Easy-to-understand version of CVE-2026-31431
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Exploitation of CVE-2023-44604. Using a Kali Linux VM (attacker) and a Debian 11 server VM (victim)
CVE-2023-46604CRITICALbajo ataqueransomware01 may 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC1
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2025-59528 Proof of Concept
CVE-2025-59528CRITICAL01 may 2026
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir
GitHub PoC
对 CVE-2026-31431 的复现分析、C 改编的 exp。
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
george1-adel/CVE-2026-41940_exploit
CVE-2026-41940CRITICALbajo ataqueransomware01 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
CVE-2026-43500HIGH30 abr 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
GitHub PoC1
CVE-2026-31431 - Copy Fail PoC (Python 3.10+)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
DaemonSet с реализацией временной меры для митигации уязвимости Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC14
Copy Fail - CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
ryan2929/CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Razielx64/CVE-2025-69606-GSVoIP-XSS
CVE-2025-69606MEDIUM30 abr 2026
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in t
33RIESGO
abrir
GitHub PoC31
BPF-LSM mitigation for CVE-2026-31431 (Copy Fail) — denies AF_ALG socket creation cluster-wide
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.
CVE-2019-9978MEDIUMbajo ataque30 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
HackTheBox — CCTV (Easy/Linux) | CVE-2024-51482 + SqlMap+ SSH Key + Root
CVE-2024-51482CRITICAL30 abr 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir
GitHub PoC
My first hands-on Intel 471 threat hunting workshop experience investigating CVE-2023-46604 using Elastic SIEM, vulnerability intelligence, and post-exploitation detection.
CVE-2023-46604CRITICALbajo ataqueransomware30 abr 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC
vesjolyjd/Kaspersky_CVE-2024-3094
CVE-2024-3094CRITICAL30 abr 2026
Xz: malicious code in distributed source
70RIESGO
abrir
GitHub PoC
This project explores whether modern OpenSSH reveals valid usernames through subtle response or timing differences. CVE-2016-6210 user enumeration investigation ( Welch's t-test, Cohen's d, and detection engineering ) on a controlled lab on Ubuntu 22.04.5 LTS, it also examines the traces such attempts leave behind and how they can be detected..
CVE-2016-6210MEDIUM30 abr 2026
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
70RIESGO
abrir
GitHub PoC13
Detection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active mitigation shim, ModSec rule pack, remote probe, on-host IOC scanner, and per-tier RE snapshot collector. GPL v2.
CVE-2026-41940CRITICALbajo ataqueransomware30 abr 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
Black-box penetration test against HackSudo Thor : CVE-2014-6271 Shellshock RCE through Apache mod_cgi, chained with sudo misconfiguration and bash eval injection for full privilege escalation. Includes custom CSRF-aware brute force tooling and Metasploit RPC automation.
CVE-2014-6271CRITICALbajo ataque30 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.
CVE-2019-9978MEDIUMbajo ataque30 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
TheMursalin/CVE-2025-32432
CVE-2025-32432CRITICALbajo ataque30 abr 2026
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
GitHub PoC
Winrar Exploit CVE-2023-38831
CVE-2023-38831HIGHbajo ataqueransomware30 abr 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.