Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.062 exploits
GitHub PoC★ 1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
CVE-2025-30208 exploit script
Vite bypasses server.fs.deny when using `?raw??`
70RIESGO
abrir ↗GitHub PoC★ 62
CVE-2026-41940 exploitation proof-of-concept project
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗VulnCheck XDB
info-leak
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir ↗GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir ↗GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RIESGO
abrir ↗VulnCheck XDB
info-leak
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC★ 1
Mass Scanner For Drupal Exploit CVE-2026-9082
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC
Penetration testing assessment of a vulnerable IIS 6.0 WebDAV server, demonstrating reconnaissance, enumeration, exploitation (CVE-2017-7269), and privilege escalation to SYSTEM, along with risk analysis and remediation strategies.
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RIESGO
abrir ↗VulnCheck XDB
initial-access
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir ↗GitHub PoC
0xdak/CVE-2026-44881_exploit
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
41RIESGO
abrir ↗GitHub PoC
Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir ↗GitHub PoC
CVE-2026-20262 - Draft
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RIESGO
abrir ↗GitHub PoC
ElianGonzi00/CVE-2025-2783
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir ↗GitHub PoC★ 4
HTTP.sys Denial of Service Vulnerability & HTTP.sys Remote Code Execution Vulnerability
HTTP.sys Denial of Service Vulnerability
53RIESGO
abrir ↗GitHub PoC
webapp vulnerable to CVE-2021-44228
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗VulnCheck XDB
client-side
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir ↗GitHub PoC★ 2
DylanZahedi/CVE-2026-9277
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir ↗GitHub PoC
CVE-2026-38812 RuoYi v4.8.2 SQL Injection
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generatio
48RIESGO
abrir ↗GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir ↗VulnCheck XDB
initial-access
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗VulnCheck XDB
initial-access
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir ↗GitHub PoC★ 1
This repository documents CVE-2026-48849, a Stored Cross-Site Scripting (XSS), HTML Injection, and CSS Injection vulnerability discovered in Roundcube Webmai
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored valu
33RIESGO
abrir ↗GitHub PoC
ikarolaborda/CVE-2026-40176
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RIESGO
abrir ↗GitHub PoC★ 3
PoC exploit for CVE-2026-53519.
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
48RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.