Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
CVE-2026-46331HIGH30 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
POC for CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque30 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
Kestra Auth-Bypass Vulnerability Checker
CVE-2026-49869CRITICAL30 jun 2026
Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
48RIESGO
abrir
GitHub PoC
CVE-2026-56121 — Feast <0.63.0 unauthenticated RCE via gRPC registry dill.loads of OnDemandFeatureView UDF (pre-auth). Lab + PoC, verified e2e.
CVE-2026-56121CRITICAL30 jun 2026
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
48RIESGO
abrir
GitHub PoC
Safari 跨域读取视频
CVE-2026-43700MEDIUM30 jun 2026
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS
33RIESGO
abrir
GitHub PoC
CVE-2026-46490 — samlify <2.13.0 SAML AttributeValue XML injection -> signed-assertion privilege escalation. Self-contained PoC, verified e2e.
CVE-2026-46490HIGH30 jun 2026
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
41RIESGO
abrir
GitHub PoC
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
CVE-2026-46331HIGH30 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
CVE-2026-58138 — Conductor (3.21.21..<3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).
CVE-2026-58138CRITICAL30 jun 2026
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
48RIESGO
abrir
GitHub PoC2
Citrix NetScaler CVE Preconditions Checker as per CTX696604 | Supported CVE : CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474
CVE-2026-8451HIGH30 jun 2026
Insufficient input validation leading to memory overread
41RIESGO
abrir
GitHub PoC11
watchtowrlabs/watchTowr-vs-Netscaler-CVE-2026-8451
CVE-2026-8451HIGH30 jun 2026
Insufficient input validation leading to memory overread
41RIESGO
abrir
GitHub PoC
CVE-2026-46817 - Draft
CVE-2026-46817CRITICALbajo ataque30 jun 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versi
78RIESGO
abrir
GitHub PoC
CVE-2026-8037 - Draft
CVE-2026-8037CRITICAL30 jun 2026
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
75RIESGO
abrir
GitHub PoC
Chequeo y Fix de la vulnerabilidad "pedit COW"
CVE-2026-46331HIGH30 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
CVE-2026-44789 — n8n <1.123.43 HTTP Request pagination prototype pollution to RCE (NODE_OPTIONS runner-spawn gadget). Lab + automated PoC, verified e2e.
CVE-2026-44789CRITICAL30 jun 2026
n8n: HTTP Request Node Pagination Prototype Pollution to RCE
48RIESGO
abrir
GitHub PoC1
CVE-2026-48907 – Joomla JCE Unauthenticated Remote Code Execution (RCE)
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-56782 — Gorse <0.5.10 unauthenticated DB dump/restore (admin_api_key fail-open). Lab + PoC, verified e2e.
CVE-2026-56782CRITICAL29 jun 2026
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
63RIESGO
abrir
GitHub PoC
HutTwoThreeFour/CVE-2026-5562-Exploit
CVE-2026-5562MEDIUM29 jun 2026
provectus kafka-ui Endpoint testexecutions validateAccess code injection
33RIESGO
abrir
GitHub PoC
CVE-2026-53753 — Crawl4AI <0.8.7 unauthenticated RCE (AST sandbox escape via gi_frame.f_back). Lab + PoC, verified e2e.
CVE-2026-53753CRITICAL29 jun 2026
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RIESGO
abrir
GitHub PoC1
rootdirective-sec/CVE-2026-28496-Lab
CVE-2026-28496CRITICAL29 jun 2026
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RIESGO
abrir
GitHub PoC21
Python Proof of Concept for DirtyClone (CVE-2026-43503) - Linux kernel LPE via page-cache corruption
CVE-2026-43503HIGH29 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
GitHub PoC
cve-2026-48907 scanner
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
xitexploiter96-dot/CVE-2026-48907-
CVE-2026-48907CRITICALbajo ataque29 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC2
CVE-2026-55200 - Critical libssh2 Remote Code Execution Vulnerability
CVE-2026-55200CRITICAL29 jun 2026
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RIESGO
abrir
GitHub PoC
cve-2026-46331-audit script
CVE-2026-46331HIGH29 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
POC for CVE-2026-20253
CVE-2026-20253CRITICALbajo ataque29 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC1
CVE-2026-46817
CVE-2026-46817CRITICALbajo ataque29 jun 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versi
78RIESGO
abrir
GitHub PoC
drupal-postgresql-rce
CVE-2026-9082CRITICALbajo ataque29 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
CVE-2026-43503HIGH29 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RIESGO
abrir
GitHub PoC1
iCagenda Unauthenticated File Upload to RCE
CVE-2026-48939CRITICALbajo ataque29 jun 2026
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
78RIESGO
abrir
GitHub PoC1
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
CVE-2026-49048HIGH28 jun 2026
Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
41RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.