Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.046exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.079VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit500
HP Poly Voice Unauthenticated Remote Code Execution
Poly Voice – Possible Remote Control of Certain Poly Devices
48RIESGO
abrir ↗Metasploit300
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir ↗Metasploit400
rxkad Page-Cache Write via CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗Metasploit400
xfrm-ESP Page-Cache Write via CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗Metasploit600
Dalfox Found-Action Deserialization RCE
Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
43RIESGO
abrir ↗Metasploit300
Cisco Catalyst SD-WAN Controller vHub Authentication Bypass
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir ↗Metasploit600
Apache ActiveMQ RCE via Jolokia addNetworkConnector
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir ↗Metasploit600
Copy Fail AF_ALG + authencesn Page-Cache Write
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗Metasploit600
cPanel/WHM CRLF Injection Authentication Bypass RCE
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
Xerte Online Toolkits Missing Authentication via connector.php
56RIESGO
abrir ↗Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
Xerte Online Toolkits File Upload RCE via elfinder Connector
63RIESGO
abrir ↗Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
Xerte Online Toolkits Path Disclosure via /setup
48RIESGO
abrir ↗Metasploit600
Flowise CSV Agent Prompt Injection RCE
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
43RIESGO
abrir ↗Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
Xerte Online Toolkits Path Traversal via connector.php
56RIESGO
abrir ↗Metasploit300
BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir ↗Metasploit600
Paperclip AI RCE using a chain of six API calls (CVE-2026-41679).
Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
43RIESGO
abrir ↗Metasploit600
Supsystic Contact Form Wordpress Plugin SSTI RCE
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RIESGO
abrir ↗Metasploit300
Citrix ADC (NetScaler) CVE-2026-3055 Scanner
Insufficient input validation leading to memory overread
95RIESGO
abrir ↗Metasploit600
AVideo Encoder getImage.php Unauthenticated Command Injection
AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php
43RIESGO
abrir ↗Metasploit300
AVideo Unauthenticated SQL Injection Credential Dump
WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
43RIESGO
abrir ↗Metasploit600
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution
55RIESGO
abrir ↗Metasploit600
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache
36RIESGO
abrir ↗Metasploit600
openDCIM install.php SQL Injection to RCE
openDCIM <= 23.04 Missing Authorization in install.php
63RIESGO
abrir ↗Metasploit600
openDCIM install.php SQL Injection to RCE
openDCIM <= 23.04 SQL Injection in Config::UpdateParameter
43RIESGO
abrir ↗Metasploit600
openDCIM install.php SQL Injection to RCE
openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter
63RIESGO
abrir ↗Metasploit300
Cisco Catalyst SD-WAN Controller Authentication Bypass
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir ↗Metasploit500
GrandStream GXP1600 Unauthenticated Remote Code Execution
Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
75RIESGO
abrir ↗Metasploit600
MajorDoMo Supply Chain RCE via Update Poisoning
MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
43RIESGO
abrir ↗Metasploit600
MajorDoMo Console Eval Unauthenticated RCE
MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
63RIESGO
abrir ↗página 1 / 116siguiente →
Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.