Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
TodosExploit-DB 22.786Referência 19.896GitHub PoC 13.187VulnCheck XDB 8100Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.187 exploits
GitHub PoC★ 91
High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Razielx64/CVE-2025-69606-GSVoIP-XSS
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in t
33RIESGO
abrir ↗GitHub PoC★ 14
Copy Fail - CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Black-box penetration test against HackSudo Thor : CVE-2014-6271 Shellshock RCE through Apache mod_cgi, chained with sudo misconfiguration and bash eval injection for full privilege escalation. Includes custom CSRF-aware brute force tooling and Metasploit RPC automation.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC
My first hands-on Intel 471 threat hunting workshop experience investigating CVE-2023-46604 using Elastic SIEM, vulnerability intelligence, and post-exploitation detection.
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir ↗GitHub PoC
DaemonSet с реализацией временной меры для митигации уязвимости Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Winrar Exploit CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir ↗GitHub PoC
Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir ↗GitHub PoC
Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir ↗GitHub PoC
HackTheBox — CCTV (Easy/Linux) | CVE-2024-51482 + SqlMap+ SSH Key + Root
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-31431 - Copy Fail PoC (Python 3.10+)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
This project explores whether modern OpenSSH reveals valid usernames through subtle response or timing differences. CVE-2016-6210 user enumeration investigation ( Welch's t-test, Cohen's d, and detection engineering ) on a controlled lab on Ubuntu 22.04.5 LTS, it also examines the traces such attempts leave behind and how they can be detected..
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
70RIESGO
abrir ↗GitHub PoC★ 10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
Temporarily removes the root password using CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Unauthenticated time-based blind SQL injection PoC for VICIdial CVE-2024-8503, with metadata extraction, resumable scans, and strict safety limits.
VICIdial Unauthenticated SQL Injection
85RIESGO
abrir ↗GitHub PoC
Wise-Security/CVE-2026-38945
Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary cod
41RIESGO
abrir ↗GitHub PoC★ 1
Automated detection & exploitation of critical PHP vulnerabilities (CVE-2024-4577 bypass, CVE-2025-14177, CVE-2025-14180, CVE-2025-14178)
Argument Injection in PHP-CGI
100RIESGO
abrir ↗GitHub PoC
Escaneo de vulnerabilidades, análisis de tráfico con Wireshark y explotación controlada del CVE-2011-2523 (vsftpd 2.3.4) en entorno de red segura.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir ↗GitHub PoC
dinhthihanhle1989-max/CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability
83RIESGO
abrir ↗GitHub PoC★ 433
Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
B1gN0Se/PwnKit_CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC★ 1
POC for CVE-2026-39816 which allows NiFi users without execute code permissions to run arbitrary scripts
Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
21RIESGO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56537
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute
33RIESGO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56535
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or
33RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.