Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.002exploits catalogados
31.582CVEs con explotación pública
13.048 exploits
GitHub PoC
Bartixxx32/CVE-2026-43499-OnePlus15
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
GitHub PoC
JohannesLks/CVE-2026-50338
CVE-2026-50338HIGH14 jul 2026
Azure Spring Apps Elevation of Privilege Vulnerability
38RIESGO
abrir
GitHub PoC
CVE-2026-8181 — Burst Statistics WordPress plugin Authentication Bypass (CVSS 9.8) to Admin Account Takeover. Mass scanner with FOFA/Shodan integration and modern GUI.
CVE-2026-8181CRITICAL14 jul 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC1
本次个人漏洞研究进展成果
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
GitHub PoC3
Vulnerability analysis and Proof of Concept (PoC) for CVE-2026-43499 affecting Xiaomi devices. For educational and research purposes only.
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-46584: Apache Camel camel-mail mail.smtp.* header injection enabling credential theft via on-path SOCKS interception (fixed in 4.14.8/4.18.3/4.21.0)
CVE-2026-46584LOW14 jul 2026
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
28RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-46457 — Apache Camel camel-nats inbound header injection (Camel control-header injection via a NATS publisher; CamelHttpUri -> SSRF)
CVE-2026-46457HIGH14 jul 2026
Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
41RIESGO
abrir
GitHub PoC1
CVE-2026-36214 - osTicket Stored XSS via Bootstrap Tooltip - PoC & Analysis | CVSS 8.7 HIGH | AMN SECURITY
CVE-2026-36214MEDIUM13 jul 2026
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
30RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-46453 — Apache Camel camel-elasticsearch-rest-client unprefixed-header injection (operation/query override via inbound HTTP headers)
CVE-2026-46453MEDIUM13 jul 2026
Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation
33RIESGO
abrir
GitHub PoC1
CVE-2026-40047 - Apache Camel Docling CLI Argument Injection - PoC & Analysis | CVSS 9.1 CRITICAL | AMN SECURITY
CVE-2026-40047CRITICAL13 jul 2026
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RIESGO
abrir
GitHub PoC1
Mendeteksi versi (passive detection) & Exploitation CVE POC
CVE-2026-56291CRITICALbajo ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RIESGO
abrir
GitHub PoC1
CVE-2026-48907 - Joomla JCE Editor Unauthenticated RCE - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
CVE-2026-48907CRITICALbajo ataque13 jul 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC3
Unauthenticated Arbitrary File/Folder Deletion in Joomla Helix Ultimate (JoomShaper) <= 2.2.6 — CVE-2026-57830
CVE-2026-57830HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion in Helix Ultimate < 2.2.7
41RIESGO
abrir
GitHub PoC3
Unauthenticated Stored XSS in Joomla Helix Ultimate (JoomShaper) <= 2.2.6
CVE-2026-57829HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7
41RIESGO
abrir
GitHub PoC1
CVE-2026-46529 - Atril Evince XReader PDF Clickable Link RCE - PoC & Analysis | CVSS 7.8 HIGH | AMN SECURITY
CVE-2026-46529HIGH13 jul 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RIESGO
abrir
GitHub PoC
CVE-2026-53805 - Draft
CVE-2026-53805CRITICAL13 jul 2026
NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API
48RIESGO
abrir
GitHub PoC
CVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner
CVE-2026-49049HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RIESGO
abrir
GitHub PoC11
CVE-2026-43724 - Apple's published enough advisories about the issue, I'm not getting paid for any of my kernel bugs.
CVE-2026-43724HIGH13 jul 2026
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah
41RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-46454 — Apache Camel camel-cometd inbound Bayeux header injection (unauthenticated Camel control-header injection → downstream producer steering / RCE)
CVE-2026-46454CRITICAL13 jul 2026
Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
48RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-46455 — Apache Camel camel-keycloak missing TokenVerifier.IS_ACTIVE check (expired access tokens accepted)
CVE-2026-46455CRITICAL13 jul 2026
Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
48RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-46456 — Apache Camel camel-aws2-sqs inbound message-attribute header injection (Camel control-header injection via sqs:SendMessage → downstream producer steering / RCE)
CVE-2026-46456CRITICAL13 jul 2026
Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers
48RIESGO
abrir
GitHub PoC
Reproducer for CVE-2026-43867 — Apache Camel camel-pqc AwsSecretsManagerKeyLifecycleManager unsafe key-metadata deserialization (RCE)
CVE-2026-43867CRITICAL13 jul 2026
Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
48RIESGO
abrir
GitHub PoC
Admin-only terminal bootstrap routes checked only for login state, which let a normal team member drive Coolify's realtime terminal backend and execute commands on team servers.
CVE-2026-34048CRITICAL13 jul 2026
Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers
48RIESGO
abrir
GitHub PoC
nuclei template for CVE-2026-56291
CVE-2026-56291CRITICALbajo ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RIESGO
abrir
GitHub PoC1
CVE-2026-6307 - Google Chrome V8 Turbofan Type Confusion Sandbox Escape - PoC & Analysis | CVSS 8.8 HIGH | AMN SECURITY
CVE-2026-6307HIGH13 jul 2026
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RIESGO
abrir
GitHub PoC
1beelze/CVE-2026-5118
CVE-2026-5118CRITICAL13 jul 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RIESGO
abrir
GitHub PoC1
Android version CVE-2026-43499 tester
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
GitHub PoC
OPPO Find X6 Pro GhostLock (CVE-2026-43499) exploit adaptation
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
GitHub PoC3
(Hopefully) A tool to root for (most) Android devices through CVE-2026-43499
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
GitHub PoC2
Multi OS Support: Version for MacOS/Linux and Windows, Fully translated to English
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir
página 1 / 435siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.