Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
GitHub PoC
Chains CVE-2025-57819 (stacked query SQL injection) and CVE-2025-61678 (authenticated file upload in FreePBX Endpoint Manager) to achieve Remote Code Execution (RCE). For educational use only.
CVE-2025-57819CRITICALbajo ataque12 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RIESGO
abrir
GitHub PoC
This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.
CVE-2025-32433CRITICALbajo ataque12 jun 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
GitHub PoC9
An offensive security researcher + an AI vs. a fresh n-day: building the first public PoC for CVE-2026-53435 in one Friday night. Raw 8h20m log inside.
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RIESGO
abrir
GitHub PoC2
CVE-2026-25089
CVE-2026-25089CRITICALbajo ataque12 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
83RIESGO
abrir
GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE-2026-8809CRITICAL12 jun 2026
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RIESGO
abrir
GitHub PoC
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.
CVE-2026-20230HIGH12 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RIESGO
abrir
GitHub PoC13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
CVE-2026-20253CRITICALbajo ataque12 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RIESGO
abrir
GitHub PoC1
FOSSBilling CVE-2026-53647 & CVE-2026-53646 PoC — Unauthenticated API key disclosure & password reset token reuse
CVE-2026-53647MEDIUM12 jun 2026
FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint
33RIESGO
abrir
GitHub PoC2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
CVE-2026-28318HIGHbajo ataque12 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir
GitHub PoC
CVE-2026-0273 - Draft
CVE-2026-0273MEDIUM12 jun 2026
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
33RIESGO
abrir
GitHub PoC3
CVE-2026-48907
CVE-2026-48907CRITICALbajo ataque12 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALbajo ataqueransomware12 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-9841CRITICALbajo ataque11 jun 2026
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir
GitHub PoC15
PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
CVE-2026-48907CRITICALbajo ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RIESGO
abrir
GitHub PoC
CVE-2026-23479 Redis Use-After-Free vulnerability detection tool
CVE-2026-23479HIGH11 jun 2026
redis-server use-after-free in unblock client flow may allow remote code execution
41RIESGO
abrir
GitHub PoC
anirudhmakkar/cve-2026-7665
CVE-2026-7665MEDIUM11 jun 2026
Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC
byte16384/CVE-2026-49492-PoC
CVE-2026-49492HIGH11 jun 2026
Markdown Preview Enhanced OS Command Injection in External File and Link Opening
41RIESGO
abrir
GitHub PoC
xxconi/CVE-2025-6254
CVE-2025-6254CRITICAL11 jun 2026
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-4045CRITICAL11 jun 2026
TP-LINK Tapo C200 remote code execution vulnerability
70RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23550CRITICAL11 jun 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RIESGO
abrir
VulnCheck XDB
local
CVE-2023-21768HIGH11 jun 2026
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RIESGO
abrir
GitHub PoC
CVE-2026-40791: Unauthenticated stored XSS in WP Time Slots Booking Form <= 1.2.46
CVE-2026-40791HIGH11 jun 2026
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir
GitHub PoC
Lab + writeup for CVE-2026-44166: PocketBase OAuth2 account pre-hijacking via unvalidated createData.email
CVE-2026-44166MEDIUM11 jun 2026
Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
33RIESGO
abrir
GitHub PoC
CVE-2026-10795 The UpdraftPlus POC
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RIESGO
abrir
anteriorpágina 26 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.