Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.292exploits catalogados
31.741CVEs con explotación pública
0probados en laboratorio
13.184 exploits
GitHub PoC
Log4Shell (CVE-2021-44228)
CVE-2021-44228CRITICALbajo ataqueransomware02 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
CRAReady SBOM test fixture — Java/Maven app with Log4Shell (CVE-2021-44228), Spring4Shell, Text4Shell, and other critical CVEs
CVE-2021-44228CRITICALbajo ataqueransomware02 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Linux Kernel LPE PoC (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque02 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
IDS/IPS lab for detecting and preventing Apache ActiveMQ RCE (CVE-2023-46604) using GVM, Nmap, Snort, iptables, and UFW.
CVE-2023-46604CRITICALbajo ataqueransomware02 may 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC1
CVE-2026-41940 Direct Shell Acess
CVE-2026-41940CRITICALbajo ataqueransomware02 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC3
Easy-to-understand version of CVE-2026-31431
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-31431 - Copy Fail - PoC exploit
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
SSH posture helper for CVE-2026-31431 (Copy Fail): kernel and algif_aead inventory
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Exploitation of CVE-2023-44604. Using a Kali Linux VM (attacker) and a Debian 11 server VM (victim)
CVE-2023-46604CRITICALbajo ataqueransomware01 may 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC2
cPanel CVE-2026-41940 nuclear.x86 Security Audit & Cleanup Script
CVE-2026-41940CRITICALbajo ataqueransomware01 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC20
CVE-2026-31431 (Copy Fail) PoC - Linux kernel page cache corruption via authencesn AF_ALG + splice()
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
simantchaudhari/CVE-2025-24054-PoC
CVE-2025-24054MEDIUMbajo ataque01 may 2026
NTLM Hash Disclosure Spoofing Vulnerability
75RIESGO
abrir
GitHub PoC
对 CVE-2026-31431 的复现分析、C 改编的 exp。
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC4
Bulk scanner and mass exploitation tool for CVE-2026-41940 on cPanel/WHM, built for automated target validation and high-speed multi-threaded execution.
CVE-2026-41940CRITICALbajo ataqueransomware01 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC2
george1-adel/CVE-2026-41940_exploit
CVE-2026-41940CRITICALbajo ataqueransomware01 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
CVE-2026-31431 Kernel Fix Script
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-31431 mitigation (Copy Fail)
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
CVE-2026-31431HIGHbajo ataque01 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC10
cPanel/WHM Authentication Bypass (Zero-Day Vulnerability)
CVE-2026-41940CRITICALbajo ataqueransomware01 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC1
CVE-2025-59528 Proof of Concept
CVE-2025-59528CRITICAL01 may 2026
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir
GitHub PoC
Winrar Exploit CVE-2023-38831
CVE-2023-38831HIGHbajo ataqueransomware30 abr 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
GitHub PoC
Gogs CVE-2025-8110 RCE Exploit
CVE-2025-8110HIGHbajo ataque30 abr 2026
File overwrite in file update API in Gogs
100RIESGO
abrir
GitHub PoC91
High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)
CVE-2026-41940CRITICALbajo ataqueransomware30 abr 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Black-box penetration test against HackSudo Thor : CVE-2014-6271 Shellshock RCE through Apache mod_cgi, chained with sudo misconfiguration and bash eval injection for full privilege escalation. Includes custom CSRF-aware brute force tooling and Metasploit RPC automation.
CVE-2014-6271CRITICALbajo ataque30 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.
CVE-2019-9978MEDIUMbajo ataque30 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.
CVE-2019-9978MEDIUMbajo ataque30 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
My first hands-on Intel 471 threat hunting workshop experience investigating CVE-2023-46604 using Elastic SIEM, vulnerability intelligence, and post-exploitation detection.
CVE-2023-46604CRITICALbajo ataqueransomware30 abr 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.