Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALbajo ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC4
Detection scripts, patch checker & hardening guide for CVE-2026-44963 (Veeam B&R RCE)
CVE-2026-44963CRITICAL18 jun 2026
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
48RIESGO
abrir
GitHub PoC
HTTP2-Bomb
CVE-2026-49975HIGH18 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALbajo ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CVE-2026-54420HIGHbajo ataque18 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir
GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
CVE-2026-8206CRITICAL17 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
GitHub PoC
CVE-2026-49104 Integration for Keap/Infusionsoft PHP Object Injection Exploit
CVE-2026-49104CRITICAL17 jun 2026
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
PoC for CVE-2015-10141 – Xdebug unauthenticated RCE
CVE-2015-10141CRITICAL17 jun 2026
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RIESGO
abrir
GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
CVE-2026-49085CRITICAL17 jun 2026
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-49083
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RIESGO
abrir
GitHub PoC1
CVE-2026-20262 - Cisco Catalyst SD-WAN Manager Arbitrary File Write Path Traversal Vulnerability (CWE-22) - Authenticated Remote File Write
CVE-2026-20262MEDIUMbajo ataque17 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RIESGO
abrir
GitHub PoC
CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RIESGO
abrir
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-49083 LatePoint Calendar Booking Plugin Privilege Escalation Exploit
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RIESGO
abrir
GitHub PoC
This project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackMe lab, which demonstrates a Linux kernel page-cache corruption vulnerability capable of achieving local priviledge escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALbajo ataque17 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
GitHub PoC
Exploitation and mitigation analysis of CVE-2021-3156 heap-based buffer overflow in sudo
CVE-2021-3156HIGHbajo ataque17 jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
GitHub PoC
The project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackME lab, which demonstrates a Linux kernel page -cache corruption vulnerability capable of achieving local privilege escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
CVE-2026-39813 - Fortinet Sandbox - Draft
CVE-2026-39813CRITICAL17 jun 2026
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.
53RIESGO
abrir
GitHub PoC
CVE-2026-7465 Spectra Gutenberg Blocks Authenticated RCE Exploit
CVE-2026-7465HIGH17 jun 2026
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RIESGO
abrir
GitHub PoC
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL17 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir
GitHub PoC
CVE-2026-45777 PoC
CVE-2026-45777CRITICAL17 jun 2026
Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
28RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RIESGO
abrir
GitHub PoC
CVE-2026-5411 WP Captcha PRO
CVE-2026-5411HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-3442717 jun 2026
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessibl
50RIESGO
abrir
VulnCheck XDB
client-side
CVE-2024-42009CRITICALbajo ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALbajo ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
anteriorpágina 21 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.