Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
bayu06802/CVE-2026-48908
CVE-2026-48908CRITICAL05 jul 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC1
QNAP password reset URL injection writeup + PoC.
CVE-2025-59382LOW05 jul 2026
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
28RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2014-6271CRITICALbajo ataque05 jul 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-8713CRITICAL05 jul 2026
Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value
48RIESGO
abrir
GitHub PoC4
Pre-auth path traversal to arbitrary file delete in Avada (Fusion) Builder <= 3.15.3 leading to RCE (CVSS 9.1)
CVE-2026-8713CRITICAL05 jul 2026
Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value
48RIESGO
abrir
GitHub PoC2
Pre-auth arbitrary file upload RCE exploit for iCagenda Joomla extension < 4.0.8 (CVSS 10.0)
CVE-2026-48939CRITICALbajo ataque05 jul 2026
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
78RIESGO
abrir
GitHub PoC
MESLIMOHAMEDM22005188/path-traversal-CVE-2026-14628
CVE-2026-14628MEDIUM05 jul 2026
NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal
33RIESGO
abrir
GitHub PoC6
Public PoC and detector for CVE-2026-20896 ("Gitea Docker: One Header, Any User")
CVE-2026-20896CRITICAL05 jul 2026
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RIESGO
abrir
GitHub PoC5
Epson Printer RAW Protocol Exploit Framework
CVE-2026-39047HIGH05 jul 2026
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Prin
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48939CRITICALbajo ataque05 jul 2026
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
78RIESGO
abrir
GitHub PoC
Eliot-code/CVE-2026-22874-PoC
CVE-2026-22874CRITICAL05 jul 2026
Gitea webhook and migration allow-list filtering permits SSRF
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-20896CRITICAL05 jul 2026
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48908CRITICAL05 jul 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir
GitHub PoC2
Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated Stored Cross-Site Scripting Proof of Concept
CVE-2026-10104MEDIUM05 jul 2026
Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23550CRITICAL05 jul 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RIESGO
abrir
GitHub PoC
 CVE-2026-49049 - Unauthenticated File Deletion, Arbitrary Write & XSS Injection for Helix3 Joomla Extension
CVE-2026-49049HIGH05 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RIESGO
abrir
GitHub PoC3
PoC for CVE-2026-54415 — Azuriom CMS (<1.2.11) Broken Access Control → account takeover
CVE-2026-54415HIGH04 jul 2026
Broken Access Control in Azuriom CMS Server Routes Allows Account Takeover
41RIESGO
abrir
GitHub PoC3
CVE-2026-54998 RCE Exploit
CVE-2026-54998HIGH04 jul 2026
Microsoft Exchange Online Elevation of Privilege Vulnerability
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALbajo ataque04 jul 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RIESGO
abrir
GitHub PoC3
📤 Mass exploitation framework for CVE-2026-56290 — Page Builder CK Joomla unauthenticated file upload to RCE
CVE-2026-56290CRITICAL04 jul 2026
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RIESGO
abrir
GitHub PoC
CVE-2026-22874 writeup: incomplete SSRF allow-list in Gitea webhook/migration (IPv6 transition and cloud metadata). Fixed in Gitea 1.26.3.
CVE-2026-22874CRITICAL04 jul 2026
Gitea webhook and migration allow-list filtering permits SSRF
48RIESGO
abrir
GitHub PoC2
caterscam/CVE-2026-5524-PoC
CVE-2026-5524CRITICAL04 jul 2026
Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter
48RIESGO
abrir
GitHub PoC1
PoC for CVE-2026-53360: guest-triggered heap out-of-bounds read/write in KVM SEV-SNP Page State Change (PSC) handling.
CVE-2026-5336004 jul 2026
KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use
23RIESGO
abrir
GitHub PoC
💉 Blind SQL Injection → RCE exploit for Control Web Panel (CWP) ≤ 0.9.8.1224 — userRes POST → INTO DUMPFILE → cwpsvc shell
CVE-2026-57517CRITICAL04 jul 2026
Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-5524CRITICAL04 jul 2026
Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-56290CRITICAL04 jul 2026
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RIESGO
abrir
GitHub PoC3
Read-only vulnerability scanner for CVE-2026-49049 — Helix3 Joomla plugin unauthenticated AJAX handler
CVE-2026-49049HIGH04 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RIESGO
abrir
GitHub PoC5
Apache ActiveMQ Classic RCE research: CVE-2026-34197 / CVE-2026-42588 bypass chain + hardened-6.2.6 audit findings + Crowdfense comparison
CVE-2026-34197HIGHbajo ataque04 jul 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
GitHub PoC
Technical troubleshooting repository for fixing infinite rendering vulnerability loops and resource exhaustion threats under CVE-2026-23869 cleanly.
CVE-2026-23869HIGH04 jul 2026
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL04 jul 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.