Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
CVE-2026-42758CRITICAL17 jun 2026
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-49083 LatePoint Calendar Booking Plugin Privilege Escalation Exploit
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RIESGO
abrir
GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE-2026-39813 - Fortinet Sandbox - Draft
CVE-2026-39813CRITICAL17 jun 2026
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.
53RIESGO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-49083
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RIESGO
abrir
GitHub PoC
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RIESGO
abrir
GitHub PoC
This project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackMe lab, which demonstrates a Linux kernel page-cache corruption vulnerability capable of achieving local priviledge escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
The project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackME lab, which demonstrates a Linux kernel page -cache corruption vulnerability capable of achieving local privilege escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RIESGO
abrir
GitHub PoC
akpmarcelin/CVE-2026-24061-lab
CVE-2026-24061CRITICALbajo ataque17 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
CVE-2026-39808CRITICAL17 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
75RIESGO
abrir
GitHub PoC132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
CVE-2026-46331HIGH17 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RIESGO
abrir
GitHub PoC
CVE-2026-49104 Integration for Keap/Infusionsoft PHP Object Injection Exploit
CVE-2026-49104CRITICAL17 jun 2026
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
CVE-2026-9691CRITICAL17 jun 2026
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
0xdak/CVE-2026-44881_exploit
CVE-2026-44881HIGH16 jun 2026
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
41RIESGO
abrir
GitHub PoC
CVE-2026-47101, CVE-2026-47102, CVE-2026-40217
CVE-2026-47101HIGH16 jun 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RIESGO
abrir
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHbajo ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHbajo ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHbajo ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC62
CVE-2026-41940 exploitation proof-of-concept project
CVE-2026-41940CRITICALbajo ataqueransomware16 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMbajo ataque16 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RIESGO
abrir
GitHub PoC1
Mass Scanner For Drupal Exploit CVE-2026-9082
CVE-2026-9082CRITICALbajo ataque16 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
Saku0512/CVE-2026-54686-poc
CVE-2026-54686MEDIUM16 jun 2026
Warp: DCS lifecycle hook spoofing can alter terminal session metadata
33RIESGO
abrir
GitHub PoC1
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
CVE-2025-55182CRITICALbajo ataqueransomware16 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
CVE-2025-30208 exploit script
CVE-2025-30208MEDIUM16 jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RIESGO
abrir
GitHub PoC
CVE-2025-49844 exploit script
CVE-2025-49844CRITICAL16 jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RIESGO
abrir
GitHub PoC
Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.
CVE-2024-23897CRITICALbajo ataqueransomware16 jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.