Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
Technical writeup and Proof of Concept (PoC) for CVE-2026-11417: OS Command Injection / Remote Code Execution (RCE) in AWS CDK's NodejsFunction.
CVE-2026-11417HIGH13 jun 2026
OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
41RIESGO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-42647-Lab
CVE-2026-42647CRITICAL13 jun 2026
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
63RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware13 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
razureink/cve-2026-49975-http2bomb_reproduction
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC1
Hunt-Benito/glinet-beryl-ax-triple-rce-cve-2026-11450-11451-11452-unauthenticated-root-on-travel-router
CVE-2026-11450MEDIUM13 jun 2026
GL.iNet GL-MT3000 Path Normalization dlopen command injection
33RIESGO
abrir
GitHub PoC3
CVE-2026-20253
CVE-2026-20253CRITICALbajo ataque13 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42647CRITICAL13 jun 2026
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
63RIESGO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC1
HTTP/2 Bomb: HPACK indexed-reference amplification + flow-control stall. A high school student's full protocol analysis (LaTeX). CVE-2026-49975, CVE-2026-47774.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC1
(phpBB authentication bypass)
CVE-2026-48611CRITICAL13 jun 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RIESGO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2018-9276HIGHbajo ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RIESGO
abrir
GitHub PoC
webshellseo8/CVE-2026-1555-POC
CVE-2026-1555CRITICAL13 jun 2026
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
48RIESGO
abrir
GitHub PoC
A lightweight stdio-based MCP server for local file system operations — read, write, edit, search, exec for AI assistants. Specially optimized for Chatbox: bat-bypass for exec (CVE-2026-6130), b64 encoding to eliminate escaping issues, and multi-pattern regex for precise code block targeting.
CVE-2026-6130MEDIUM13 jun 2026
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
33RIESGO
abrir
VulnCheck XDB
client-side
CVE-2021-22204MEDIUMbajo ataque13 jun 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RIESGO
abrir
GitHub PoC1
CVE-2026-6279
CVE-2026-6279CRITICAL13 jun 2026
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler
48RIESGO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-6279
CVE-2026-6279CRITICAL13 jun 2026
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler
48RIESGO
abrir
GitHub PoC
Remote Code Execution in DbGate via functionName injection in the loadReader endpoint — CVSS 8.8
CVE-2026-48017HIGH13 jun 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
41RIESGO
abrir
GitHub PoC
CVE-2018-9276 — PRTG Network Monitor < 18.2.39 Authenticated RCE. For educational purposes and authorized penetration testing only.
CVE-2018-9276HIGHbajo ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RIESGO
abrir
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RIESGO
abrir
GitHub PoC1
CVE-2026-45447
CVE-2026-45447HIGH13 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RIESGO
abrir
GitHub PoC
AISec Plus Week 1 threat write-up — EchoLeak (CVE-2025-32711), zero-click indirect prompt injection in Microsoft 365 Copilot.
CVE-2025-32711CRITICAL13 jun 2026
M365 Copilot Information Disclosure Vulnerability
48RIESGO
abrir
GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE-2026-8809CRITICAL12 jun 2026
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
CVE-2026-46645MEDIUM12 jun 2026
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RIESGO
abrir
GitHub PoC
CVE-2026-0273 - Draft
CVE-2026-0273MEDIUM12 jun 2026
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
33RIESGO
abrir
GitHub PoC13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
CVE-2026-20253CRITICALbajo ataque12 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC1
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass
CVE-2026-50751CRITICALbajo ataqueransomware12 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.
CVE-2026-20230HIGH12 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RIESGO
abrir
anteriorpágina 25 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.