Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.105exploits catalogados
31.648CVEs con explotación pública
0probados en laboratorio
13.114 exploits
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHbajo ataque30 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC
HAERIN-L/poc_cve-2026-42208
CVE-2026-42208CRITICALbajo ataque30 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
CVE-2026-48778HIGH30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
GitHub PoC7
Notepad++ RCE via config.xml commandLineInterpreter
CVE-2026-48778HIGH30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALbajo ataque30 may 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALbajo ataqueransomware30 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
CVE-2026-39987 - Draft
CVE-2026-39987CRITICALbajo ataque30 may 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir
GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
CVE-2010-233330 may 2026
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RIESGO
abrir
GitHub PoC1
POC_CVE-2026-42589
CVE-2026-42589CRITICAL30 may 2026
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RIESGO
abrir
GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
CVE-2023-27350CRITICALbajo ataqueransomware30 may 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHbajo ataque30 may 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir
GitHub PoC
PHP poc, exploit for CVE-2025-9074
CVE-2025-9074CRITICAL30 may 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir
GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
CVE-2025-5947CRITICAL30 may 2026
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RIESGO
abrir
GitHub PoC
CVE-2025-10162 Exploit
CVE-2025-10162HIGH30 may 2026
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RIESGO
abrir
GitHub PoC
Python POC, Exploit for CVE-2026-29000
CVE-2026-29000CRITICAL30 may 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir
GitHub PoC
Exploiting heap-based buffer overflow in sudo for privilege escalation
CVE-2021-3156HIGHbajo ataque30 may 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
CVE-2007-244729 may 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
GitHub PoC1
writeup
CVE-2026-8697HIGH29 may 2026
Improper Authentication Rate Limiting on TP-Link's Archer C64
41RIESGO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
CVE-2026-44596MEDIUM29 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
30RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2017-12635_36
CVE-2017-1263529 may 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RIESGO
abrir
GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
CVE-2026-46552MEDIUM29 may 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RIESGO
abrir
GitHub PoC
Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.
CVE-2022-22947CRITICALbajo ataque29 may 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 may 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 may 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RIESGO
abrir
GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque29 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
CVE-2026-44595MEDIUM29 may 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
30RIESGO
abrir
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware29 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.