Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
NullByte8080/CVE-2026-36226
CVE-2026-36226MEDIUM22 may 2026
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensit
33RIESGO
abrir
GitHub PoC
NullByte8080/CVE-2026-36227
CVE-2026-36227MEDIUM22 may 2026
Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and e
33RIESGO
abrir
GitHub PoC
CVE-2026-20223
CVE-2026-20223CRITICAL22 may 2026
Cisco Secure Workload Unauthorized API Access Vulnerability
48RIESGO
abrir
GitHub PoC
96613686/CVE-2026-45584
CVE-2026-45584HIGH22 may 2026
Microsoft Defender Remote Code Execution Vulnerability
41RIESGO
abrir
GitHub PoC
CVE-2026-41091 / CVE-2026-45498 Microsoft Defender vulnerability scanner
CVE-2026-41091HIGHbajo ataque22 may 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RIESGO
abrir
GitHub PoC
Portable Python PoC for CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHbajo ataque22 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Pumila03/CVE-2026-6009
CVE-2026-6009HIGH22 may 2026
Jaspersoft Library Deserialisation Vulnerability
41RIESGO
abrir
GitHub PoC
Divi Form Builder <= 5.1.2 — Unauthenticated Privilege Escalation via Role Injection
CVE-2026-5118CRITICAL22 may 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RIESGO
abrir
GitHub PoC2
CVE-2026-43494
CVE-2026-43494HIGH22 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
GitHub PoC
BastianXploited/CVE-2026-8181
CVE-2026-8181CRITICAL22 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC
jaf0rk/CVE-2026-5281
CVE-2026-5281HIGHbajo ataque22 may 2026
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render
71RIESGO
abrir
GitHub PoC
This vulnerability allows unauthenticated attackers who know a valid administrator username to impersonate that admin during REST API requests by using any incorrect password in a Basic Authentication header. Attackers could abuse this flaw to create a new administrator account without prior authentication.
CVE-2026-8181CRITICAL22 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC
CVE-2026-42208 - LiteLLM SQL Injection vulnerability scanner for BerriAI LiteLLM proxy instances
CVE-2026-42208CRITICALbajo ataque22 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC3
eprocess offset puller for relevant member offsets and function addresses for cve-2026-40369
CVE-2026-40369HIGH22 may 2026
Windows Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC
Portable Python PoC for CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHbajo ataque22 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
logis11/CVE-2025-55423-analysis-and-reproduction
CVE-2025-55423CRITICAL22 may 2026
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the contr
48RIESGO
abrir
GitHub PoC
CVE-2024-6387 POC (Currently being edited)
CVE-2024-6387HIGH22 may 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir
GitHub PoC
felisha-elmer/Sandbox-Challenge-Spring4Shell-CVE-2022-22965-
CVE-2022-22965CRITICALbajo ataque22 may 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
GitHub PoC
Python exploit toolkit for WordPress Crop Image RCE — CVE-2019-8942 & CVE-2019-8943
CVE-2019-894222 may 2026
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RIESGO
abrir
GitHub PoC
Critical WIC bug (9.8): uninitialized JPEG encode pointers in WindowsCodecs.dll — triggers on 12/16-bit re-encode, not casual preview.
CVE-2025-50165CRITICAL22 may 2026
Windows Graphics Component Remote Code Execution Vulnerability
48RIESGO
abrir
GitHub PoC
r3nsi15/CVE-2026-33017-langflow-rce
CVE-2026-33017CRITICALbajo ataque22 may 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RIESGO
abrir
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
CVE-2024-6387HIGH21 may 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir
GitHub PoC
Synthetic demo target for EXPOSURE — CVE-2018-21268 (traceroute) + CVE-2018-3757 (pdf-image)
CVE-2018-21268CRITICAL21 may 2026
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host para
48RIESGO
abrir
GitHub PoC
EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps
CVE-2013-181421 may 2026
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain s
60RIESGO
abrir
GitHub PoC
「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49
CVE-2021-41773HIGHbajo ataqueransomware21 may 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
ercihan/CVE-2026-40369
CVE-2026-40369HIGH21 may 2026
Windows Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
yangh-beep/CVE-2026-31431-C
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
Langflow Arbitrary Directory Deletion
CVE-2026-42048CRITICAL21 may 2026
Langflow: Path Traversal in Langflow Knowledge Bases API
48RIESGO
abrir
GitHub PoC
A Go implementation of dirtydecrypt (CVE-2026-31635)
CVE-2026-31635HIGH21 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.