Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
61RIESGO
abrir ↗GitHub PoC
Maxime288/CVE-2026-8838-RCE
Remote Code Execution via eval() Injection in amazon-redshift-python-driver
48RIESGO
abrir ↗GitHub PoC★ 2
Example application, vulnerable to CVE-2023-32692 (Validation Rule Injection in the PHP Framework CodeIgniter)
Remote Code Execution Vulnerability in Validation Placeholders
48RIESGO
abrir ↗GitHub PoC
Shell scanner for CVE-2026-31431 "Copy Fail" — a local privilege escalation via Linux kernel page cache corruption (algif_aead/AF_ALG). Checks kernel version, patch status, module state, setuid exposure and mitigations. Supports Debian 11–13 and Ubuntu 20.04–25.10. CI/CD-ready (exit codes + JSON output).
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
CVE-2026-30691: Stored Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitra
33RIESGO
abrir ↗GitHub PoC
Exploit code for CVE-2026-42096 and CVE-2026-42097 allowing for arbitrary SQL command execution without authentication.
Broken Access Control in Sparx Pro Cloud Server
41RIESGO
abrir ↗GitHub PoC
rufflabs/CVE-2026-36748
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RIESGO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-11344-RCE
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RIESGO
abrir ↗GitHub PoC
CVE-2025-55182 Exploit | by infrar3d
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
suil12/CVE-2025-24813_presentation
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir ↗GitHub PoC
Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir ↗GitHub PoC
a.k.a. React2Shell
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RIESGO
abrir ↗GitHub PoC
Laboratorio automatizado Plug & Play en Docker para auditar y estudiar la vulnerabilidad Log4Shell (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC★ 1
This repository provides proof of concept (PoC) for the CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
Ne0zer01/CVE-2024-27198_LAB
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir ↗GitHub PoC
Lab for the CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir ↗GitHub PoC★ 4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RIESGO
abrir ↗GitHub PoC★ 1
这是一个面向防守和内网排查的 CVE-2026-42945 静态检测工具,用于检查 NGINX ngx_http_rewrite_module 相关配置是否存在高风险 rewrite 组合。
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC★ 1
这是一个面向防守和内网排查的 Apache ActiveMQ Classic 暴露面检测工具,用于辅助评估 CVE-2026-34197 相关风险。
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir ↗GitHub PoC
LAT-06/CVE-2026-34197
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir ↗GitHub PoC★ 1
IOC checker for the TanStack/Mini Shai-Hulud npm supply chain attack (CVE-2026-45321)
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗GitHub PoC
Desc "CVE-2026-8053 CHECKER"-20260518-16h30-GMT+7
FlatBSON Duplicate Field Index Drift
41RIESGO
abrir ↗GitHub PoC★ 3
暂无
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RIESGO
abrir ↗GitHub PoC
Technical breakdown of CVE-2026-34472, an auth bypass via leaked credentials affecting ZTE H188A routers.
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir ↗GitHub PoC
Research environment and validation scripts for evaluating deserialization behaviors in MLflow and MLServer.
Command Injection in mlflow/mlflow
48RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.