Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
13.187 exploits
GitHub PoC91
High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)
CVE-2026-41940CRITICALbajo ataqueransomware30 abr 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Razielx64/CVE-2025-69606-GSVoIP-XSS
CVE-2025-69606MEDIUM30 abr 2026
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in t
33RIESGO
abrir
GitHub PoC14
Copy Fail - CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Black-box penetration test against HackSudo Thor : CVE-2014-6271 Shellshock RCE through Apache mod_cgi, chained with sudo misconfiguration and bash eval injection for full privilege escalation. Includes custom CSRF-aware brute force tooling and Metasploit RPC automation.
CVE-2014-6271CRITICALbajo ataque30 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
My first hands-on Intel 471 threat hunting workshop experience investigating CVE-2023-46604 using Elastic SIEM, vulnerability intelligence, and post-exploitation detection.
CVE-2023-46604CRITICALbajo ataqueransomware30 abr 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC
DaemonSet с реализацией временной меры для митигации уязвимости Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
vesjolyjd/Kaspersky_CVE-2024-3094
CVE-2024-3094CRITICAL30 abr 2026
Xz: malicious code in distributed source
70RIESGO
abrir
GitHub PoC
Winrar Exploit CVE-2023-38831
CVE-2023-38831HIGHbajo ataqueransomware30 abr 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
GitHub PoC
Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.
CVE-2019-9978MEDIUMbajo ataque30 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.
CVE-2019-9978MEDIUMbajo ataque30 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
HackTheBox — CCTV (Easy/Linux) | CVE-2024-51482 + SqlMap+ SSH Key + Root
CVE-2024-51482CRITICAL30 abr 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir
GitHub PoC
TheMursalin/CVE-2025-32432
CVE-2025-32432CRITICALbajo ataque30 abr 2026
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
GitHub PoC1
CVE-2026-31431 - Copy Fail PoC (Python 3.10+)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
This project explores whether modern OpenSSH reveals valid usernames through subtle response or timing differences. CVE-2016-6210 user enumeration investigation ( Welch's t-test, Cohen's d, and detection engineering ) on a controlled lab on Ubuntu 22.04.5 LTS, it also examines the traces such attempts leave behind and how they can be detected..
CVE-2016-6210MEDIUM30 abr 2026
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
70RIESGO
abrir
GitHub PoC
Gogs CVE-2025-8110 RCE Exploit
CVE-2025-8110HIGHbajo ataque30 abr 2026
File overwrite in file update API in Gogs
100RIESGO
abrir
GitHub PoC10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHbajo ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Unauthenticated time-based blind SQL injection PoC for VICIdial CVE-2024-8503, with metadata extraction, resumable scans, and strict safety limits.
CVE-2024-8503CRITICAL29 abr 2026
VICIdial Unauthenticated SQL Injection
85RIESGO
abrir
GitHub PoC
Wise-Security/CVE-2026-38945
CVE-2026-38945HIGH29 abr 2026
Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary cod
41RIESGO
abrir
GitHub PoC1
Automated detection & exploitation of critical PHP vulnerabilities (CVE-2024-4577 bypass, CVE-2025-14177, CVE-2025-14180, CVE-2025-14178)
CVE-2024-4577CRITICALbajo ataqueransomware29 abr 2026
Argument Injection in PHP-CGI
100RIESGO
abrir
GitHub PoC
Escaneo de vulnerabilidades, análisis de tráfico con Wireshark y explotación controlada del CVE-2011-2523 (vsftpd 2.3.4) en entorno de red segura.
CVE-2011-252329 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
dinhthihanhle1989-max/CVE-2024-29988
CVE-2024-29988HIGHbajo ataque29 abr 2026
SmartScreen Prompt Security Feature Bypass Vulnerability
83RIESGO
abrir
GitHub PoC433
Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
CVE-2026-31431HIGHbajo ataque29 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
CVE-2021-44228CRITICALbajo ataqueransomware28 abr 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
B1gN0Se/PwnKit_CVE-2021-4034
CVE-2021-4034HIGHbajo ataque28 abr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC1
POC for CVE-2026-39816 which allows NiFi users without execute code permissions to run arbitrary scripts
CVE-2026-39816HIGH28 abr 2026
Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
21RIESGO
abrir
GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56537
CVE-2025-56537MEDIUM28 abr 2026
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute
33RIESGO
abrir
GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56535
CVE-2025-56535MEDIUM28 abr 2026
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.