Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
71.062 exploits
VulnCheck XDB
local
CVE-2023-32629HIGH10 jun 2026
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks
56RIESGO
abrir
GitHub PoC
1-day exploit for CVE-2026-45258
CVE-2026-45258HIGH10 jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-24813CRITICALbajo ataque10 jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
GitHub PoC
FreeBSD LPE
CVE-2026-49413HIGH10 jun 2026
Flaw in Linuxulator execution of setugid binaries
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL10 jun 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
CVE-2026-44963 - Draft - Veeam
CVE-2026-44963CRITICAL10 jun 2026
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
48RIESGO
abrir
GitHub PoC2
HTTP.sys RCE
CVE-2026-47291CRITICAL10 jun 2026
HTTP.sys Remote Code Execution Vulnerability
53RIESGO
abrir
GitHub PoC
1-day exploit for CVE-2026-49417
CVE-2026-49417HIGH10 jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RIESGO
abrir
GitHub PoC1
SolarWinds Serv-U CVE-2026-28318: unauthenticated Content-Encoding: deflate crash. Root-cause analysis (invalid free of an interior pointer -> heap corruption) + DoS-only PoC. Fixed in 15.5.4 Hotfix 1.
CVE-2026-28318HIGHbajo ataque10 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RIESGO
abrir
VulnCheck XDB
local
CVE-2023-2640HIGH10 jun 2026
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlay
61RIESGO
abrir
GitHub PoC3
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload [POC & Xploit]
CVE-2026-9067CRITICAL10 jun 2026
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
48RIESGO
abrir
GitHub PoC1
Validation report for the RoguePlanet Microsoft Defender PoC in a controlled Windows 11 lab environment, including build notes, Defender detection results, risk assessment, and mitigation recommendations.
CVE-2026-50656HIGH10 jun 2026
Microsoft Defender Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC
Saku0512/CVE-2026-48732-poc
CVE-2026-48732HIGH10 jun 2026
Warp: Remote SSH cwd can lead to unauthorized remote command execution
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALbajo ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-5027HIGH10 jun 2026
Langflow - Path Traversal Arbitrary File Write via upload_user_file
68RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHbajo ataque10 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC2
CVE-2026-49975
CVE-2026-49975HIGH10 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RIESGO
abrir
GitHub PoC
Dhananjayasj/CVE-2025-24813-Apache-Tomcat-Partial-PUT-Deserialization-RCE-
CVE-2025-24813CRITICALbajo ataque10 jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
GitHub PoC
CVE-2026-42945 Nginx Rift
CVE-2026-42945CRITICAL10 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
Vulnerability: Logic flow weakness in Remote Access and Mobile Access
CVE-2026-50751CRITICALbajo ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC1
Vulnerability: On affected Arista EOS platforms with tunnel decapsulation
CVE-2026-7473MEDIUMbajo ataque10 jun 2026
Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
63RIESGO
abrir
GitHub PoC
WORDPRESS
CVE-2026-5718HIGH10 jun 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
GitHub PoC
CVE-2026-50751 Check Point IKEv1 vulnerability scanner
CVE-2026-50751CRITICALbajo ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC5
watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
CVE-2026-50751CRITICALbajo ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RIESGO
abrir
GitHub PoC
CLI rewrite of the Drupalgeddon2 (CVE-2018-7600) PoC — for authorised testing/education
CVE-2018-7600CRITICALbajo ataqueransomware10 jun 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
GitHub PoC
Layer-6/CVE-2026-5027-Langflow
CVE-2026-5027HIGH10 jun 2026
Langflow - Path Traversal Arbitrary File Write via upload_user_file
68RIESGO
abrir
GitHub PoC2
CVE-2026-10520 - Ivanti Sentry Pre-Auth OS Command Injection Mass Scanner
CVE-2026-10520CRITICAL10 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RIESGO
abrir
GitHub PoC3
# CVE-2026-11645 - Chrome V8 Out-of-Bounds Read/Write Exploit
CVE-2026-11645HIGHbajo ataque10 jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALbajo ataqueransomware10 jun 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
GitHub PoC1
GrayXploit Security research and defensive team validate this toolkit for CVE-2026-0257 (PAN-OS GlobalProtect Authentication Bypass). Includes vulnerability assessment, detection guidance, technical analysis, indicators of compromise (IOCs), and remediation validation resources for security teams and defenders.
CVE-2026-0257HIGHbajo ataque10 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
anteriorpágina 28 / 2369siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.