Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.292exploits catalogados
31.741CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.888GitHub PoC 13.182VulnCheck XDB 8100Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.184 exploits
GitHub PoC
Log4Shell (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
CRAReady SBOM test fixture — Java/Maven app with Log4Shell (CVE-2021-44228), Spring4Shell, Text4Shell, and other critical CVEs
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
Linux Kernel LPE PoC (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
IDS/IPS lab for detecting and preventing Apache ActiveMQ RCE (CVE-2023-46604) using GVM, Nmap, Snort, iptables, and UFW.
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-41940 Direct Shell Acess
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 3
Easy-to-understand version of CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
CVE-2026-31431 - Copy Fail - PoC exploit
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
SSH posture helper for CVE-2026-31431 (Copy Fail): kernel and algif_aead inventory
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Exploitation of CVE-2023-44604. Using a Kali Linux VM (attacker) and a Debian 11 server VM (victim)
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir ↗GitHub PoC★ 2
cPanel CVE-2026-41940 nuclear.x86 Security Audit & Cleanup Script
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 20
CVE-2026-31431 (Copy Fail) PoC - Linux kernel page cache corruption via authencesn AF_ALG + splice()
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
simantchaudhari/CVE-2025-24054-PoC
NTLM Hash Disclosure Spoofing Vulnerability
75RIESGO
abrir ↗GitHub PoC
对 CVE-2026-31431 的复现分析、C 改编的 exp。
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 4
Bulk scanner and mass exploitation tool for CVE-2026-41940 on cPanel/WHM, built for automated target validation and high-speed multi-threaded execution.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 2
george1-adel/CVE-2026-41940_exploit
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
CVE-2026-31431 Kernel Fix Script
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
CVE-2026-31431 mitigation (Copy Fail)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 10
cPanel/WHM Authentication Bypass (Zero-Day Vulnerability)
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2025-59528 Proof of Concept
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir ↗GitHub PoC
Winrar Exploit CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir ↗GitHub PoC★ 91
High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Black-box penetration test against HackSudo Thor : CVE-2014-6271 Shellshock RCE through Apache mod_cgi, chained with sudo misconfiguration and bash eval injection for full privilege escalation. Includes custom CSRF-aware brute force tooling and Metasploit RPC automation.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC★ 2
Temporarily removes the root password using CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir ↗GitHub PoC
Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir ↗GitHub PoC
My first hands-on Intel 471 threat hunting workshop experience investigating CVE-2023-46604 using Elastic SIEM, vulnerability intelligence, and post-exploitation detection.
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.