Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC★ 2
⚠️ DISCLAIMER: This tool is intended for authorized penetration testing and educational purposes only. Using this tool against systems without explicit written permission is illegal. The developers are not responsible for any misuse or damage caused.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
mein-0/cve-2026-0828
Kernel driver vulnerability in Safetica Endpoint Client
41RIESGO
abrir ↗GitHub PoC
This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without waiting for cache expiration.
Drupal core - Highly critical - Remote Code Execution
100RIESGO
abrir ↗GitHub PoC
PrintNightmare Report
Windows Print Spooler Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC
thinhap/CVE-2026-9082-PoC
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC★ 18
CVE-2026-27771 - Gitea/Forgejo Container Registry Auth Bypass Exploit PoC - Pull private container images without authentication
Gitea Composer package source links use insufficient permission checks
68RIESGO
abrir ↗GitHub PoC
0x00phantom-hat/Hoverfly-1.11.3-RCE-CVE-2025-54123-Exploit
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir ↗GitHub PoC
CVE-2026-27771 - Draft
Gitea Composer package source links use insufficient permission checks
68RIESGO
abrir ↗GitHub PoC
CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RIESGO
abrir ↗GitHub PoC
this is a study about CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir ↗GitHub PoC★ 1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir ↗GitHub PoC★ 3
Ghost Content API SQL Injection
Ghost has a SQL Injection in its Content API
75RIESGO
abrir ↗GitHub PoC
SOC336 - Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025-21298) Walkthrough
Windows OLE Remote Code Execution Vulnerability
70RIESGO
abrir ↗GitHub PoC
Dungsocool/CVE-2017-10271
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RIESGO
abrir ↗GitHub PoC
lwd3c/CVE-2026-47342
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RIESGO
abrir ↗GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893
33RIESGO
abrir ↗GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172
41RIESGO
abrir ↗GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RIESGO
abrir ↗GitHub PoC
SSRF Discovered in Mercator
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RIESGO
abrir ↗GitHub PoC
Description
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir ↗GitHub PoC
Spring4Shell (CVE-2022-22965) 漏洞環境搭建與 CTF 題目
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir ↗GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir ↗GitHub PoC
CVE-2026-3296 is a CVSS 9.8 Critical unauthenticated PHP Object Injection vulnerability in the Everest Forms WordPress plugin
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
48RIESGO
abrir ↗GitHub PoC★ 1
Proof-of-concept for CVE-2026-43284 — 4-byte XFRM/ESP page-cache write primitive to patch a setuid binary (x86_64, user namespaces). Includes kernel preflight + SUID scan.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
CVE-2026-5364 is a CVSS 8.1 (High) Unauthenticated Arbitrary File Upload vulnerability in the Drag and Drop File Upload for Contact Form 7
Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass
41RIESGO
abrir ↗GitHub PoC
CVE-2026-5426
KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
48RIESGO
abrir ↗GitHub PoC
xxconi/CVE-2026-2942
ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess
48RIESGO
abrir ↗GitHub PoC
CVE-2026-6741 is a CVSS 8.8 (High) Authenticated (Agent+) Privilege Escalation vulnerability in the LatePoint – Calendar Booking Plugin
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.