Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC1
CVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.
CVE-2026-34474HIGH19 may 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RIESGO
abrir
GitHub PoC1
RedCrazyGhost/CVE-2026-42945
CVE-2026-42945CRITICAL19 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
NGINX CVE-2026-42945 一键修复脚本
CVE-2026-42945CRITICAL19 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
POC_CVE-2026-45185 for nuclei-templates
CVE-2026-45185CRITICAL19 may 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RIESGO
abrir
GitHub PoC
CVE-2025-55182 Exploit | by infrar3d
CVE-2025-55182CRITICALbajo ataqueransomware19 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-11344-RCE
CVE-2026-11344MEDIUM19 may 2026
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RIESGO
abrir
GitHub PoC
rufflabs/CVE-2026-36748
CVE-2026-36748CRITICAL19 may 2026
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RIESGO
abrir
GitHub PoC
suil12/CVE-2025-24813_presentation
CVE-2025-24813CRITICALbajo ataque19 may 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
GitHub PoC
Exploit code for CVE-2026-42096 and CVE-2026-42097 allowing for arbitrary SQL command execution without authentication.
CVE-2026-42096HIGH19 may 2026
Broken Access Control in Sparx Pro Cloud Server
41RIESGO
abrir
GitHub PoC
Shell scanner for CVE-2026-31431 "Copy Fail" — a local privilege escalation via Linux kernel page cache corruption (algif_aead/AF_ALG). Checks kernel version, patch status, module state, setuid exposure and mitigations. Supports Debian 11–13 and Ubuntu 20.04–25.10. CI/CD-ready (exit codes + JSON output).
CVE-2026-31431HIGHbajo ataque19 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-40217HIGH19 may 2026
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t
41RIESGO
abrir
GitHub PoC1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
CVE-2026-43284HIGH19 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC5
CVE-2026-31635
CVE-2026-31635HIGH19 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC1
Dirty Frag - kernel Linux critical Vulnerability
CVE-2026-43284HIGH19 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
LAT-06/CVE-2026-34197
CVE-2026-34197HIGHbajo ataque18 may 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
GitHub PoC
a.k.a. React2Shell
CVE-2025-55182CRITICALbajo ataqueransomware18 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
这是一个面向防守和内网排查的 Apache ActiveMQ Classic 暴露面检测工具,用于辅助评估 CVE-2026-34197 相关风险。
CVE-2026-34197HIGHbajo ataque18 may 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
GitHub PoC
Detection and mitigation tooling for CVE-2026-31431 (Copy Fail) on Linux kernels. Includes Phalanx-CCS and Silent4Labs scripts plus an Ansible playbook to apply temporary mitigation (block algif_aead module or boot parameter) across servers.
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC3
暂无
CVE-2026-39636MEDIUM18 may 2026
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RIESGO
abrir
GitHub PoC
Technical breakdown of CVE-2026-34472, an auth bypass via leaked credentials affecting ZTE H188A routers.
CVE-2026-34472HIGH18 may 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir
GitHub PoC
Desc "CVE-2026-8053 CHECKER"-20260518-16h30-GMT+7
CVE-2026-8053HIGH18 may 2026
FlatBSON Duplicate Field Index Drift
41RIESGO
abrir
GitHub PoC
CaginKyr/CVE-2026-5203
CVE-2026-5203MEDIUM18 may 2026
CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
33RIESGO
abrir
GitHub PoC
CVE-2026-46300 / CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
CVE-2026-46300HIGH18 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
This repository contains information about the CVE-2026-36438
CVE-2026-36438MEDIUM18 may 2026
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information
33RIESGO
abrir
GitHub PoC
Ne0zer01/CVE-2024-27198_LAB
CVE-2024-27198CRITICALbajo ataqueransomware18 may 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir
GitHub PoC
Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation.
CVE-2017-5638CRITICALbajo ataqueransomware18 may 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
GitHub PoC1
这是一个面向防守和内网排查的 CVE-2026-42945 静态检测工具,用于检查 NGINX ngx_http_rewrite_module 相关配置是否存在高风险 rewrite 组合。
CVE-2026-42945CRITICAL18 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.