Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.086 exploits
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir ↗GitHub PoC
Root-Level RCE via OS Command Injection in Ivanti Sentry
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir ↗GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir ↗GitHub PoC★ 1
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC★ 1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir ↗GitHub PoC★ 1
A web version of the bash scripts wrote for Check Point CVE-2026-50751 and CVE-2026-50752. This uses a local server to scan and make changes using Check Point Web API
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir ↗GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RIESGO
abrir ↗GitHub PoC
A local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir ↗GitHub PoC★ 9
0xCyberstan/CVE-2026-46215-POC
drm: Set old handle to NULL before prime swap in change_handle
41RIESGO
abrir ↗GitHub PoC★ 2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir ↗GitHub PoC
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir ↗GitHub PoC
87achrafg-stack/CVE-2026-49083
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RIESGO
abrir ↗GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir ↗GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC
CVE‑2024‑20399 - Draft
Cisco NX-OS Software CLI Command Injection Vulnerability
63RIESGO
abrir ↗GitHub PoC
mandeepsohal/CVE-2025-66391
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RIESGO
abrir ↗GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RIESGO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC★ 2
Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RIESGO
abrir ↗GitHub PoC
CVE-2026-7465 Spectra Gutenberg Blocks Authenticated RCE Exploit
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RIESGO
abrir ↗GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RIESGO
abrir ↗GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir ↗GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir ↗GitHub PoC
CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-20262 - Cisco Catalyst SD-WAN Manager Arbitrary File Write Path Traversal Vulnerability (CWE-22) - Authenticated Remote File Write
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RIESGO
abrir ↗GitHub PoC
CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.