Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
CVE-2025-49132CRITICAL16 jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir
GitHub PoC
0xdak/CVE-2026-44881_exploit
CVE-2026-44881HIGH16 jun 2026
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
41RIESGO
abrir
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHbajo ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
CVE-2026-45585MEDIUM16 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-47101, CVE-2026-47102, CVE-2026-40217
CVE-2026-47101HIGH16 jun 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RIESGO
abrir
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHbajo ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC
ikarolaborda/CVE-2026-40176
CVE-2026-40176HIGH15 jun 2026
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RIESGO
abrir
GitHub PoC3
PoC exploit for CVE-2026-53519.
CVE-2026-53519CRITICAL15 jun 2026
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
48RIESGO
abrir
GitHub PoC
webapp vulnerable to CVE-2021-44228
CVE-2021-44228CRITICALbajo ataqueransomware15 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC2
DylanZahedi/CVE-2026-9277
CVE-2026-9277CRITICAL15 jun 2026
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RIESGO
abrir
GitHub PoC
CVE-2026-38812 RuoYi v4.8.2 SQL Injection
CVE-2026-38812CRITICAL15 jun 2026
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generatio
48RIESGO
abrir
GitHub PoC
Research and analysis of the ServiceNow Virtual Agent vulnerability (CVE-2025-12420), including attack flow, MITRE ATT&CK mapping, detection strategies, and mitigation recommendations.
CVE-2025-12420CRITICAL15 jun 2026
Unauthenticated Privilege Escalation in ServiceNow AI Platform
60RIESGO
abrir
GitHub PoC1
This repository documents CVE-2026-48849, a Stored Cross-Site Scripting (XSS), HTML Injection, and CSS Injection vulnerability discovered in Roundcube Webmai
CVE-2026-48849MEDIUM15 jun 2026
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored valu
33RIESGO
abrir
GitHub PoC
ElianGonzi00/CVE-2025-2783
CVE-2025-2783HIGHbajo ataque15 jun 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir
GitHub PoC
testing
CVE-2026-0257HIGHbajo ataque15 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHbajo ataqueransomware15 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
CVE-2026-10795HIGH15 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC4
HTTP.sys Denial of Service Vulnerability & HTTP.sys Remote Code Execution Vulnerability
CVE-2026-49160HIGH15 jun 2026
HTTP.sys Denial of Service Vulnerability
53RIESGO
abrir
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALbajo ataque14 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC
kaleth4/CVE-2022-30190
CVE-2022-30190HIGHbajo ataqueransomware14 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 jun 2026
Unbounded resend loop in BIND 9 resolver
33RIESGO
abrir
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RIESGO
abrir
GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
CVE-2021-41773HIGHbajo ataqueransomware14 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALbajo ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RIESGO
abrir
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RIESGO
abrir
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHbajo ataqueransomware14 jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHbajo ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RIESGO
abrir
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.