Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CVE-2026-54420HIGHbajo ataque18 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC
Root-Level RCE via OS Command Injection in Ivanti Sentry
CVE-2026-10520CRITICAL18 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC1
CVE-2026-40369
CVE-2026-40369HIGH18 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
CVE-2025-57819CRITICALbajo ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC1
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALbajo ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
CVE-2021-27876HIGHbajo ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir
GitHub PoC
HTTP2-Bomb
CVE-2026-49975HIGH18 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC1
A web version of the bash scripts wrote for Check Point CVE-2026-50751 and CVE-2026-50752. This uses a local server to scan and make changes using Check Point Web API
CVE-2026-50751CRITICALbajo ataqueransomware18 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
CVE-2026-3359HIGH18 jun 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RIESGO
abrir
GitHub PoC
A local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.
CVE-2026-42208CRITICALbajo ataque18 jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC9
0xCyberstan/CVE-2026-46215-POC
CVE-2026-46215HIGH18 jun 2026
drm: Set old handle to NULL before prime swap in change_handle
41RIESGO
abrir
GitHub PoC2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALbajo ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
CVE-2026-49085CRITICAL17 jun 2026
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-49083
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RIESGO
abrir
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE‑2024‑20399 - Draft
CVE-2024-20399MEDIUMbajo ataque17 jun 2026
Cisco NX-OS Software CLI Command Injection Vulnerability
63RIESGO
abrir
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RIESGO
abrir
GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
CVE-2026-7459HIGH17 jun 2026
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RIESGO
abrir
GitHub PoC
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
CVE-2021-44228CRITICALbajo ataqueransomware17 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC2
Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
CVE-2026-49952CRITICAL17 jun 2026
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RIESGO
abrir
GitHub PoC
CVE-2026-7465 Spectra Gutenberg Blocks Authenticated RCE Exploit
CVE-2026-7465HIGH17 jun 2026
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RIESGO
abrir
GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
CVE-2026-49079CRITICAL17 jun 2026
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
CVE-2026-8206CRITICAL17 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
CVE-2024-42009CRITICALbajo ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir
GitHub PoC
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
CVE-2026-42758CRITICAL17 jun 2026
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RIESGO
abrir
GitHub PoC1
CVE-2026-20262 - Cisco Catalyst SD-WAN Manager Arbitrary File Write Path Traversal Vulnerability (CWE-22) - Authenticated Remote File Write
CVE-2026-20262MEDIUMbajo ataque17 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RIESGO
abrir
GitHub PoC
CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.