Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.114 exploits
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
CVE-2026-8836CRITICAL31 may 2026
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RIESGO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48800-PoC
CVE-2026-48800HIGH31 may 2026
Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-6553CRITICAL31 may 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2024-38475CRITICALbajo ataque31 may 2026
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC1
CVE-2026-45585
CVE-2026-45585MEDIUM31 may 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
VulnCheck XDB
local
CVE-2019-0211HIGHbajo ataque31 may 2026
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2014-3120HIGHbajo ataque31 may 2026
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RIESGO
abrir
GitHub PoC
b1nhack/CVE-2024-1086
CVE-2024-1086HIGHbajo ataqueransomware31 may 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC2
CVE-2026-23744 RCE + Privilege Escalation
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
CVE-2026-23744 PoC
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
CVE-2023-6553CRITICAL31 may 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
CVE-2026-23744CRITICAL31 may 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir
VulnCheck XDB
local
CVE-2024-1086HIGHbajo ataqueransomware31 may 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
GitHub PoC
CVE-2024-38475 exploitation & scanning tool with Mullvad VPN rotation
CVE-2024-38475CRITICALbajo ataque31 may 2026
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware31 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
CVE-2025-55182CRITICALbajo ataqueransomware31 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Dungsocool/CVE-2014-3120
CVE-2014-3120HIGHbajo ataque31 may 2026
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RIESGO
abrir
GitHub PoC
Jeanback1/CVE-2019-9053-exploit
CVE-2019-905331 may 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
GitHub PoC
Jeanback1/CVE-2019-0211-exploit
CVE-2019-0211HIGHbajo ataque31 may 2026
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALbajo ataqueransomware31 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
Exploit-DB
YAMCS yamcs-core 5.12.7 - No Rate Limiting
CVE-2026-44596MEDIUMwebappsmultiple30 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
30RIESGO
abrir
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALbajo ataque30 may 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir
GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
CVE-2024-3400CRITICALbajo ataqueransomware30 may 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir
anteriorpágina 38 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.