Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.062 exploits
GitHub PoC
yurahshell/CVE-2025-49132
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC★ 19
TheCyberGeek/CVE-2026-4480-PoC
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RIESGO
abrir ↗GitHub PoC
t1ckprivate/CVE-2026-43284-Dirty-Frag
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
yurahshell/CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
t1ckprivate/CVE-2026-31431-Copy-Fail
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-48866 — Gravity Forms <= 2.10.0.1 Arbitrary File Deletion via Path Traversal (CVSS 9.6)
WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability
48RIESGO
abrir ↗VulnCheck XDB
info-leak
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC★ 64
Safely detect whether a UniFi OS Server is vulnerable to CVE-2026-34908
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de
78RIESGO
abrir ↗GitHub PoC
react CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
react2shell - CVE-2025-55182 (Next.js: CVE-2025-66478) - Unauthenticated RCE in React Server Components (Flight Protocol) - PoC Exploit
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
Dhananjayasj/CVE-2024-1698-NotificationX-WordPress-Plugin-SQL-Injection-to-Admin-Credential-Extraction
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RIESGO
abrir ↗GitHub PoC
PoC CVE-2026-8732 (WP Maps Pro <= 6.1.0)
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC★ 13
Attack surface in the real-world environment of CVE-2026-41096
Windows DNS Client Remote Code Execution Vulnerability
48RIESGO
abrir ↗VulnCheck XDB
info-leak
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RIESGO
abrir ↗GitHub PoC
Improved Metasploit module for CVE-2013-6117 (Dahua DVR authentication bypass)
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
60RIESGO
abrir ↗GitHub PoC
CVE-2026-45247 - Draft
Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection
83RIESGO
abrir ↗VulnCheck XDB
info-leak
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
60RIESGO
abrir ↗GitHub PoC★ 9
strivepan/ActiveMQ-cve-2026-42588-scanner-gui
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RIESGO
abrir ↗GitHub PoC
YellowKey | BitLocker Bypass Vulnerability (CVE-2026-45585)
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC★ 1
horrister/solarwinds-sunburst-cve-2020-10148
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
0-Click RCE Android Adb TLS Wireless Debugging
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RIESGO
abrir ↗GitHub PoC
HTB Facts is a Easy Linux box featuring Camaleon CMS and MinIO. Gain admin access via open registration and a mass assignment vulnerability, then extract MinIO credentials from admin settings. Use CVE-2024-46987 path traversal to steal an SSH private key, crack its passphrase, and escalate to root by abusing sudo permissions on facter via GTFOBins.
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir ↗GitHub PoC
CVE-2026-23631-Draft
redis-server Lua use-after-free may allow remote code execution
33RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.