Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC3
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque12 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC1
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass
CVE-2026-50751CRITICALbajo ataqueransomware12 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC4
CVE-2026-35273
CVE-2026-35273CRITICALbajo ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir
GitHub PoC1
CVE-2026-35273
CVE-2026-35273CRITICALbajo ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
CVE-2026-46645MEDIUM12 jun 2026
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RIESGO
abrir
GitHub PoC2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
CVE-2026-28318HIGHbajo ataque12 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir
GitHub PoC3
Toolkit for CVE-2025-55182, also known as React2Shell.
CVE-2025-55182CRITICALbajo ataqueransomware12 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.
CVE-2025-32433CRITICALbajo ataque12 jun 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
GitHub PoC
CVE-2026-0273 - Draft
CVE-2026-0273MEDIUM12 jun 2026
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
33RIESGO
abrir
GitHub PoC13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
CVE-2026-20253CRITICALbajo ataque12 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC2
CVE-2026-25089
CVE-2026-25089CRITICAL12 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
53RIESGO
abrir
GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE-2026-8809CRITICAL12 jun 2026
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RIESGO
abrir
GitHub PoC
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE
CVE-2026-49777CRITICAL12 jun 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RIESGO
abrir
GitHub PoC
Chains CVE-2025-57819 (stacked query SQL injection) and CVE-2025-61678 (authenticated file upload in FreePBX Endpoint Manager) to achieve Remote Code Execution (RCE). For educational use only.
CVE-2025-57819CRITICALbajo ataque12 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC9
An offensive security researcher + an AI vs. a fresh n-day: building the first public PoC for CVE-2026-53435 in one Friday night. Raw 8h20m log inside.
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-45034
CVE-2026-45034CRITICAL11 jun 2026
PhpSpreadsheet: File::prohibitWrappers bypass
48RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2025-6440
CVE-2025-6440CRITICAL11 jun 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
GitHub PoC
FangFang-Yi/CVE-2024-30088
CVE-2024-30088HIGHbajo ataqueransomware11 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
83RIESGO
abrir
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RIESGO
abrir
GitHub PoC
CVE-2026-10795 – UpdraftPlus Authentication Bypass
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC
kaleth4/CVE-2021-4045
CVE-2021-4045CRITICAL11 jun 2026
TP-LINK Tapo C200 remote code execution vulnerability
70RIESGO
abrir
GitHub PoC1
CVE-2026-11645
CVE-2026-11645HIGHbajo ataque11 jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RIESGO
abrir
GitHub PoC39
A demonstration of read write using cve-2025-43529 on iOS 26.1
CVE-2025-43529HIGHbajo ataque11 jun 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RIESGO
abrir
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-10795 The UpdraftPlus POC
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC
leehunkoo/cve-2013-4660_PoC
CVE-2013-466011 jun 2026
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
43RIESGO
abrir
GitHub PoC
CVE-2017-9841 is a Remote Code Execution (RCE) vulnerability in the PHPUnit library affecting versions prior to 5.6.3 and 6.x prior to 6.4.2.
CVE-2017-9841CRITICALbajo ataque11 jun 2026
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-23550
CVE-2026-23550CRITICAL11 jun 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RIESGO
abrir
GitHub PoC
From deobfuscating code.js to root, CVE-2023-0386
CVE-2023-0386HIGHbajo ataque11 jun 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RIESGO
abrir
GitHub PoC
Escáner pasivo de seguridad para CVE-2025-55182 que identifica indicadores públicos asociados a Next.js y React Server Components. Realiza validaciones seguras, analiza cabeceras y rutas, y proporciona una evaluación de exposición basada en evidencias sin explotación.
CVE-2025-55182CRITICALbajo ataqueransomware11 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.