Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
Exploitability PoC for CVE-2026-43515 (Apache Tomcat constraint bypass).
CVE-2026-43515CRITICAL19 jun 2026
Apache Tomcat: Security constraints not correctly applied
48RIESGO
abrir
GitHub PoC
Повышение привилегий через race condition в polkit
CVE-2021-3560HIGHbajo ataque19 jun 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RIESGO
abrir
GitHub PoC6
PoC exploit for CVE-2023-6019 - Remote Code Execution via unauthenticated Ray Dashboard Jobs API.
CVE-2023-6019CRITICAL19 jun 2026
Ray Command Injection in cpu_profile Parameter
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2022-0543CRITICALbajo ataque19 jun 2026
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
100RIESGO
abrir
GitHub PoC
AlexMihailEngineer/CVE-2026-11784-Optimole-CSRF
CVE-2026-11784MEDIUM19 jun 2026
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action
33RIESGO
abrir
GitHub PoC
CVE-2026-7515: BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion TO RCE EXPLOİT
CVE-2026-7515CRITICAL19 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RIESGO
abrir
GitHub PoC
xxconi/CVE-2026-4782
CVE-2026-4782MEDIUM19 jun 2026
Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter
33RIESGO
abrir
GitHub PoC1
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALbajo ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
Store vulnerability POC files including CVE-2026-42588 Spring RCE xml payload
CVE-2026-42588HIGH18 jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RIESGO
abrir
GitHub PoC
A local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.
CVE-2026-42208CRITICALbajo ataque18 jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
CVE-2021-27876HIGHbajo ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir
GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
CVE-2026-3359HIGH18 jun 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RIESGO
abrir
GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
CVE-2025-57819CRITICALbajo ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC1
Unauthenticated Local File Inclusion
CVE-2026-7515CRITICAL18 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RIESGO
abrir
GitHub PoC
Root-Level RCE via OS Command Injection in Ivanti Sentry
CVE-2026-10520CRITICAL18 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC
HTTP2-Bomb
CVE-2026-49975HIGH18 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-27876HIGHbajo ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RIESGO
abrir
GitHub PoC
CVE-2025-6254 — Doctreat Core <= 1.6.8 — Unauthenticated Privilege Escalation
CVE-2025-6254CRITICAL18 jun 2026
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RIESGO
abrir
VulnCheck XDB
local
CVE-2025-21479HIGHbajo ataque18 jun 2026
Incorrect Authorization in Graphics
71RIESGO
abrir
GitHub PoC1
A web version of the bash scripts wrote for Check Point CVE-2026-50751 and CVE-2026-50752. This uses a local server to scan and make changes using Check Point Web API
CVE-2026-50751CRITICALbajo ataqueransomware18 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2026-7515CRITICAL18 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RIESGO
abrir
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CVE-2026-54420HIGHbajo ataque18 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALbajo ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC9
0xCyberstan/CVE-2026-46215-POC
CVE-2026-46215HIGH18 jun 2026
drm: Set old handle to NULL before prime swap in change_handle
41RIESGO
abrir
GitHub PoC2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALbajo ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42208CRITICALbajo ataque18 jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC1
CVE-2026-40369
CVE-2026-40369HIGH18 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC
Fortinet FortiSandbox 4.4.0-4.4.8 - OS Command Injection via tracer-behavior Endpoint
CVE-2026-39808CRITICAL18 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
75RIESGO
abrir
anteriorpágina 20 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.